diff --git a/etc/ca_hashes.txt b/etc/ca_hashes.txt new file mode 100644 index 0000000..f83c68f --- /dev/null +++ b/etc/ca_hashes.txt @@ -0,0 +1,716 @@ +vRU+17BDT2iGsXvOi76E7TQMcTLXAqj0+jGPdW7L1vM= AAA Certificate Services +ziTrBibe/YFoyWp3AfCTAWAP5d0NvOWOnJe4MK8C7yg= OISTE WISeKey Global Root GA CA +hqaPBQA0EmpUDTnbLF+RfvZqlPuWGfoezYJ86ka6DLA= QuoVadis Root CA 1 G3 +j9ESw8g3DxR9XM06fYZeuN1UB4O6xp/GAIjjdD/zM3g= QuoVadis Root CA 2 +SkntvS+PgjC9VZKzE1c/4cFypF+pgBHMHt27Nq3j/OU= QuoVadis Root CA 2 G3 +DHrKpxAiZyC7yUA0nuLmFIZSqJ2/QGojLIlfbceOu5o= QuoVadis Root CA 3 +80OOI7POUyUi+s8weSP1j9GGCOm6et3DDpUrQ8SWFsM= QuoVadis Root CA 3 G3 +vj23t5v+V53PmwfKTK11r/FpdVaOW0XPyuTWH7Yxdag= QuoVadis Root Certification Authority +tKA56vxDELqb3gk+24+dnQs9THwATUgojDXbzBlGfRg= +RpHL/ehKa2BS3b4VK7DCFq4lqG5XR4E9vA8UfzOFcL4= Secure Certificate Services +JZaQTcTWma4gws703OR/KFk313RkrDcHRvUt6na6DCg= Secure Global CA +MhmwkRT/SVo+tusAwu/qs0ACrl8KVsdnnqCHo/oDfk8= AffirmTrust Premium ECC +dykHF2FLJfEpZOvbOLX4PKrcD2w2sHd/iA/G3uHTOcw= SecureTrust CA +ZUT/mttkLEw2mKYNgUO2uTvO8BNltUD2FNzCpFq5TTE= +KkISYFqj6K7LD8GYBs87QLU7lfGjTbvW4+0nIwMkq7M= +M4BwmvOwlr48wqQFSBQsClIAKNsJ4st3riIGYWq2y7Q= +qhwr7bGlCLqtf7P14CiXuQfHSN6pt5CJBKrb0El6q2o= Sonera Class1 CA +0qXzLw4BuRDvTjtGv4Tlr1+1aJ59FQfpKeNorIjGzHY= Sonera Class2 CA +lR7gRvqDMW5nhsCMRPE7TKLq0tJkTWMxQ5HAzHCIfQ0= Staat der Nederlanden EV Root CA +Bed+8f3+BeLcpSLK5k2DeaBBt7TxbHyuNgZ6f3KhSHI= Staat der Nederlanden Root CA - G2 +QiOJQAOogcXfa6sWPbI1wiGhjVS/dZlFgg5nDaguPzk= Staat der Nederlanden Root CA - G3 +FfFKxFycfaIz00eRZOgTf+Ne4POK6FgYPwhBDqgqxLQ= +hdJr6Q2TT8zbT/ezjYx5ynZSuBbWpSRGyoQoprhdxXw= ANF Global Root CA +gI1os/q0iEpflxrOfRBVDXqVoWN3Tz7Dav/7IT++THQ= Starfield Root Certificate Authority - G2 +KwccWaCgrnaw6tsrrSO61FgLacNgG2MMLq8GE6+oP5I= Starfield Services Root Certificate Authority - G2 +5C8kvU039KouVrl52D0eZSGf4Onjo4Khs8tmyTlV3nU= StartCom Certification Authority +5C8kvU039KouVrl52D0eZSGf4Onjo4Khs8tmyTlV3nU= StartCom Certification Authority +FSg5faISiQqDCwuVpZlozvI0dzd531GBzxD6ZHU0u2U= StartCom Certification Authority G2 +NJn5P9OUUjv7HsTDrU37MQEx++nuVHa95ild6AjV3Y8= Swisscom Root CA 1 +y26RcRrW1VyJBvN5ywcftcR5M2VKdBVhLu5mKfJvvNc= Swisscom Root CA 2 +9GPFTZ8aBHrtUmVqx4Xgfr7FKOAge/0/VdiTI3Zo9q4= Swisscom Root EV CA 2 +QPz8KIddzL/ry99s10MzEtpjxO/PO9extQXCICCuAnQ= SwissSign Gold CA - G2 +fx3siwMZVIoFbeW7UhvZPrdOanbyjf+3W0WlO3da96s= SwissSign Gold Root CA - G3 +60mT76mwieWTQYqok/jpOnN02BDlL8vgHn8dfpKm0CQ= Apple Root CA +KovtMq5oDS0Ye5p6/Rcdg/0Lk16vniwbQ+gCeNIGPjk= SwissSign Platinum CA - G2 +ipA7YAoICzjf4g37as0jEi9kYg5YCLn8hoiVL8GjVZw= SwissSign Platinum Root CA - G3 +kxgib4yDr+R/X0fCT1nOEtuoxzsYG+5rLqH0Cga8GGk= SwissSign Silver CA - G2 +hKrAk+CMSdv/+OVgdZJI2+ZxNbNysj0qiB1fmcuxkeg= SwissSign Silver Root CA - G3 +MVEmgCM/XyofKUN/VtSYjPCvxBzGxdpidZKOnAvq3ic= Symantec Class 1 Public Primary Certification Authority - G4 +0vkaBOOmHU6teEjI1DteEVLYhXJ0ibxlc4tnwKInhac= Symantec Class 1 Public Primary Certification Authority - G6 +MCeimPpXMU3A490QGUEbj0BMQ8P5NM4734VlEsgKoVw= Symantec Class 2 Public Primary Certification Authority - G4 +ryB8Yf2cfPksKv6BVCgtw/LL8y91zRcoFMUrA7frwlg= Symantec Class 2 Public Primary Certification Authority - G6 +gJ8rquNa+082vWR2znXCABB3kBtq9cTauC4YjGuVwaE= Symantec Class 3 Public Primary Certification Authority - G4 +lXNUc71no7lajV+QxaIazh4NeUcyBnTUq4R5crkVRNI= Symantec Class 3 Public Primary Certification Authority - G6 +Z0A55HJWGWPIywDSGpepChi7ihxMMXrGfjgqZSu1c8A= Apple Root CA - G2 +vM6OK7rucbY1jd1kHLv8Jd5FQAMAYnH3W1C3JtZ8O8k= SZAFIR ROOT CA +YQbA46CimYMYdRJ719PMGFmAPVEcrBHrbghA3RZvwQ4= T-TeleSec GlobalRoot Class 2 +jXZ3ZLPL2giSnQcqIqVh9NzdG8V9PL3clIxH0rR/kSI= T-TeleSec GlobalRoot Class 3 +rPZeHWLLWKK6/W/6tA+4hpnEc5fPXLSD1C1pytNM1Is= TC TrustCenter Class 2 CA II +k5KuIUmSSt435kXbof9L3dzaKykbYJdmnSr6XHo3Jhk= TC TrustCenter Class 3 CA II +a4belqZYpWggpPNdkNtsPv3VdM6UuQnLDX/xfDwYnYM= TC TrustCenter Class 4 CA II +st71NirT+s0EvSkEekOET3ZwNOpIkvgOVr7mkCQ+JQI= TC TrustCenter Universal CA I +qzmksCWVVpGkAmnzU/odXLlOr2x+qYCEhLu7Yv2faPM= TC TrustCenter Universal CA II +q1zbM1Y5c1bW5pGXPCW4YYtl12qQSG6nqKXBd2f0Zzo= TC TrustCenter Universal CA III +ELo0hcqLtogKuVMaQGPkABVVVhx/LgVRZfSbLXT8X2s= TeliaSonera Root CA v1 +myGdD7/zal+zIJBXGQa87qaGF8gzo/YbgeliqOZNuK8= Apple Root CA - G3 +HXXQgxueCIU5TTLHob/bPbwcKOKw6DkfsTWYHbxbqTY= thawte Primary Root CA +Z9xPMvoQ59AaeaBzqgyeAhLsL/w9d54Kp/nA8OHCyJM= thawte Primary Root CA - G2 +GQbGEk27Q4V40A4GbVBUxsN/D6YCjAVUXgmU7drshik= thawte Primary Root CA - G3 +R8ehScqC+nupQKTXEdAQYlxssLdIsXAWxG4lznrNKww= TRUST2408 OCES Primary CA +4tiR77c4ZpEF1TDeXtcuKyrD9KZweLU0mz/ayklvXrg= Trusted Certificate Services +qHRDs9iW6yV8zOmbla2pvIG5204xQqqama8JQssKSjo= +FefnF7Qo/u4686/ZFQ261JcAjTo/8BaWRxmQe9sBpkU= TÜBİTAK UEKAE Kök Sertifika Hizmet Sağlayıcısı - Sürüm 3 +0Hc622AEPpVDCdlxT+BT6q2KpblYbtukaOJ234IGWt8= TÜRKTRUST Elektronik Sertifika Hizmet Sağlayıcısı +xES1tmzl1x4bXkDyc4XJXL/SSgW1b3DKwJkvD1DDN5w= TWCA Global Root CA +ksRoeWJu8swezqUMcvteOFhECV8hy/Oyg8uC5rn8alg= TWCA Root Certification Authority +60mT76mwieWTQYqok/jpOnN02BDlL8vgHn8dfpKm0CQ= Apple Root Certificate Authority +zEmXhjyMSKTLXD5lN9wGAo2GOL5J9fiiulby8siox3k= UCA Global Root +qGvauPSAtuuJQquRcL3QmRlxp60TXfu8tyhfB6fR44o= UCA Root +QAL80xHQczFWfnG82XHkYEjI3OjRZZcRdTs9qiommvo= UTN - DATACorp SGC +Laj56jRU0hFGRko/nQKNxMf7tXscUsc8KwVyovWZotM= UTN-USERFirst-Client Authentication and Email +TUDnr0MEoJ3of7+YliBMBVFB4/gJsv5zO7IxD9+YoWI= UTN-USERFirst-Hardware +gamPx4jDX1V2RalSJOUM0drI/7IJ3B5WiKopIF8TIhg= UTN-USERFirst-Network Applications +D+FMJksXu28NZT56cOs2Pb9UvhWAOe3a5cJXEd9IwQM= UTN-USERFirst-Object +IgduWu9Eu5pBaii30cRDItcFn2D+/6XK9sW+hEeJEwM= VeriSign Class 1 Public Primary Certification Authority - G3 +cAajgxHlj7GTSEIzIYIQxmEloOSoJq7VOaxWHfv72QM= VeriSign Class 2 Public Primary Certification Authority - G3 +SVqWumuteCQHvVIaALrOZXuzVVVeS7f4FGxxu6V+es4= VeriSign Class 3 Public Primary Certification Authority - G3 +xWl76RzWVVObVgdY6RtuCFRhYjdBA0xIXkfX6dJaA8A= +UZJDjsNp1+4M5x9cbbdflB779y5YRBcV6Z6rBMLIrO4= VeriSign Class 3 Public Primary Certification Authority - G4 +JbQbUG5JMJUoI6brnx0x3vZF6jilxsapbXGVfjhN8Fg= VeriSign Class 3 Public Primary Certification Authority - G5 +VnuCEf0g09KD7gzXzgZyy52ZvFtIeljJ1U7Gf3fUqPU= VeriSign Class 4 Public Primary Certification Authority - G3 +lnsM2T/O9/J84sJFdnrpsFp3awZJ+ZZbYpCWhGloaHI= VeriSign Universal Root Certification Authority +puEf8V7DJqXj8YrTOgVmlNyExpl2bQKKWtDv4ajlOsc= Visa eCommerce Root +LgCRWp974GqyNwx7fCAMCpbVrGpQzhh02+/eQCLU3o4= Visa Information Delivery Root CA +AGyyJqdyxxgtd3I4Pjc/DyKeff40RIEKjW5QkF0g1mE= VRK Gov. Root CA +qZlyzh9sWB0Al/YmGAYuUxV7Unbh7GZRoxVwV/BXszk= WellsSecure Public Root Certificate Authority +BRz5+pXkDpuD7a7aaWH2Fox4ecRmAXJHnN1RqwPOpis= XRamp Global Certification Authority +bz4Hf+VQRkbAGRr85JTk62gYPjmPWk3AVmn4tubmgv4= +cZz1s2GS573mUMyRNB5vZJ27jD7ki6yql/oOBbY3S0E= ApplicationCA2 Root +Ow1ztL5KhUrcPlHX75+kiu+7LN2CTWe9x9fQmiq8LUM= Autoridad de Certificacion Firmaprofesional CIF A62634068 +JdSRPPWHCXQU0p0m9sGxlCzW1k6vRdD8+BUmrbqW0yQ= Actalis Authentication Root CA +ZZyzaKxWmYvQevLK/F+5P455R0rMwqbPGsnyGS0TY2A= Autoridad de Certificacion Raiz del Estado Venezolano +Y9mvm0exBk1JoQ57f9Vm28jKo5lFm/woKcVxrYxu80o= Baltimore CyberTrust Root ++OX5BbyTmREme4PVCBSpAyO1Hhg2KdtS1PwtVGilpXg= Belgium Root CA2 +tjjP8FyKgydY7cMCivni1VUUVovGuzSrNtFAuXrGsS0= Buypass Class 2 CA 1 +WVWuKRV0qTE0LPdFDhZlLt4eD7MJfhVx36wRyRVgFWQ= Buypass Class 2 Root CA +sD2HsFbQjMnU5nXvGcqDq1NTIWioJYWYvnLm2Fx918E= Buypass Class 3 Root CA +S9xjb0jSH7aMWjzUogaFeIBDvbUk5+hNQZLEUe40KbU= CA Disig +a8/IbI3cKvLmoRgKLdq7N7fqN1Uxa2S5uJUb8Mo1HwY= CA Disig Root R1 +cCEWzNi/I+FkZvDg26DtaiOanBzWqPWmazmvNZUCA4U= CA Disig Root R2 +UQ0g5cR/Y89mayD2GvYrwJmkKsgk/6RDotp8kLGAipE= Certigna +BStocQfshOhzA4JFLsKidFF0XXSFpX1vRk4Np6G2ryo= AddTrust Class 1 CA Root +NuzGH8fl8ZI9Fn5n3940YIVJs0pjx8bmD/1cGEA4H1w= Certinomis - Autorité Racine +axpQXgJG8vYMSQ/wwJenvichDLt1ACN/iLDNSCmLybg= Certinomis - Root CA +28HjoVI4oEg7zbj97GFuA+cFpI4qUBFXyt87nHMRxeU= +lzasOyXRbEWkVBipZFeBVkgKjMQ0VB3cXdWSMyKYaN4= Certum CA +qiYwp7YXsE0KKUureoyqpQFubb5gSDeoOoVxn6tmfrU= Certum Trusted Network CA +aztX6eyI0bs9AWN/8zx2mLPJdYJV6fAeqRePPn87K1I= Certum Trusted Network CA 2 +iir/vRocXRvcy7f1SLqZX5ZoBrP9DDoA+uLlLzyFOYk= Chambers of Commerce Root +ztQ5AqtftXtEIyLcDhcqT7VfcXi4CPlOeApv1sxr2Bg= Chambers of Commerce Root - 2008 +jtW0wEG2spPA5kEwFQZtMYSDyQH/aehqUh0MslVp8+g= Cisco Root CA 2048 +dy/Myn0WRtYGKBNP8ubn9boJWJi+WWmLzp0V+W9pqfM= Class 2 Primary CA +lCppFqbkrlJ3EcVFAkeip0+44VaoJUymbnOaEUk7tEU= AddTrust External CA Root +mACOLtu3K61C2i/LBqwaqgsubgxy6MogT7r9G7SHlEE= Common Policy +AG1751Vd2CAmRCxPGieoDomhmJy4ezREjtIZTBgZbV4= COMODO Certification Authority +aMNpIhRyTUtVp2D0cLT8qLXg/h1ynP8i/rTKiKzTmAk= ComSign CA +wGyHL8LQrAjXjUIZgfvaTjVQDQlG95iU7dIawp3sBxk= ComSign Global Root CA +zwtHSs6Eafq6QC8C7r354XANnL6L5OQ0hAe2ndMZbpQ= ComSign Secured CA +7KDxgUAs56hlKzG00DbfJH46MLf0GlDZHsT5CwBrQ6E= D-TRUST Root Class 3 CA 2 2009 +/zQvtsTIvTCkcG9zSJU58Z5uSMwF9GJUZU9mENvFQOk= D-TRUST Root Class 3 CA 2 EV 2009 +0d4q5hyN8vpiOWYWPUxz1GC/xCjldYW+a/65pWMj0bY= Deutsche Telekom Root CA 2 +gNv7l73Tkmuu5B9zxViPqhfXB7A630kHorxnfz7xcXw= Developer ID Certification Authority +I/Lt/z7ekCWanjD0Cvj5EqXls2lOaThEA0H2Bg4BT/o= DigiCert Assured ID Root CA +OGHXtpYfzbISBFb/b8LrdwSxp0G0vZM6g3b14ZFcppg= AddTrust Public CA Root +8ca6Zwz8iOTfUpc8rkIPCgid1HQUT+WAbEIAZOFZEik= DigiCert Assured ID Root G2 +Fe7TOVlLME+M+Ee0dzcdjW/sYfTbKwGvWJ58U7Ncrkw= DigiCert Assured ID Root G3 +r/mIkG3eEpVdm+u/ko/cwxzOMo1bk4TyHIlByibiA5E= DigiCert Global Root CA +i7WTqTvh0OioIruIfFR4kMPnBqrS2rdiVPl/s2uC/CY= DigiCert Global Root G2 +uUwZgwDOxcBXrQcntwu+kYFpkiVkOaezL0WYEZ3anJc= DigiCert Global Root G3 +WoiWRyIOVNa9ihaBciRSC7XHjliYS9VwUGOIud4PB18= DigiCert High Assurance EV Root CA +Wd8xe/qfTwq3ylFNd3IpaqLHZbh2ZNCLluVzmeNkcpw= DigiCert Trusted Root G4 +itsjhVSgy/w6Ef7MGD480sI9JeeJTPK7rljrcKROfPM= DoD Root CA 2 +PDXhZL7dLPEr64Ps/3i16A2oFY0oMCF+Tr/86JKImaY= DST ACES CA X6 +Vjs8r4z+80wjNcr1YKepWQboSIRi63WsWXhIMN+eWys= DST Root CA X3 +xzr8Lrp3DQy8HuQfJStS6Kk9ErctzOwDHY2DnL+Bink= AddTrust Qualified CA Root +mLPxCgJQQZEPGXzxfKD83+11+yyMFKhD4E1WVsnrrBo= DST Root CA X4 +wa0bGJjsOVBI3wcL+iF+JckTvtjKa3PeCFUohGoBA8E= E-Tugra Certification Authority +NVHeWKfXnNmAKD34F5DWOpgsGmOzBILsWCHbdmFVTvk= EBG Elektronik Sertifika Hizmet Sağlayıcısı +MJ8T1J6mb1IyQbVVJHREZOKMwbgu95tk5NWBiA3Ndx8= Echoworx Root CA2 +VhdNOtlxqJRJZLGJgR8wCEk6apBCLjxYBOyDjU+U9iI= EE Certification Centre Root CA +bb+uANN7nNc/j7R95lkXrwDg3d9C286sIMF8AnXuIJU= Entrust Root Certification Authority +/qK31kX7pz11PB7Jp4cMQOH3sMVh6Se5hb9xGGbjbyI= Entrust Root Certification Authority - EC1 +du6FkDdMcVQ3u8prumAo6t3i3G27uMP2EOhR8R0at/U= Entrust Root Certification Authority - G2 +HqPF5D7WbC2imDpCpKebHpBnhs6fG1hiFBmgBGOofTg= Entrust.net Certification Authority (2048) +HqPF5D7WbC2imDpCpKebHpBnhs6fG1hiFBmgBGOofTg= Entrust.net Certification Authority (2048) +P6t4T8PJq57twS7NwNtVD0w9v9PobXiBUzPF66UYy50= Admin-Root-CA +YlVMFwBVQ7I3IV8EJo3NL9HEcCQK08hmDiWuLFljD1U= +jotW9ZGKJb2F3OdmY/2UzCNpDxDqlYZhMXHG+DeIkNU= Federal Common Policy CA +h6801m+z8v3zbgkRHpq6L29Esgfzhj89C1SyUCOQmqU= GeoTrust Global CA +SQVGZiOrQXi+kqxcvWWE96HhfydlLVqFr4lQTqI5qqo= GeoTrust Primary Certification Authority +vPtEqrmtAhAVcGtBIep2HIHJ6IlnWQ9vlK50TciLePs= GeoTrust Primary Certification Authority - G2 +q5hJUnat8eyv8o81xTBIeB5cFxjaucjmelBPT2pRMo8= GeoTrust Primary Certification Authority - G3 +Tq2ptTEecYGZ2Y6oK5UAXLqTGYqx+X78vo3GIBYo+K8= Global Chambersign Root +knobhWIoBXbQSMUDIa2kPYcD0tlSGhjCi4xGzGquTv0= Global Chambersign Root - 2008 +cGuxAXyFXFkWm61cF4HPWX8S0srS9j0aSqN0k4AP+4A= GlobalSign +CLOmM1/OXvSPjw5UOYbAf9GKOxImEp9hhku9W90fHMk= GlobalSign +bEZLmlsjOl6HTadlwm8EUBDS3c/0V5TwtMfkqvpQFJU= AffirmTrust Commercial +fg6tdrtoGdwvVFEahDVPboswe53YIFjqbABPAdndpd8= GlobalSign +iie1VXtL7HzAMF+/PVPR9xzT80kQxdZeJ+zduCB3uj0= GlobalSign +K87oWBWM9UZfyddvDfoxL+8lpNyoUB2ptGtn0fv6G2Q= GlobalSign Root CA +VjLZe/p3W/PJnd6lL8JVNBCGQBZynFLdZSTIqcO0SJ8= +Ko8tivDrEjiY90yGasP6ZpBU4jwXvHqVvQI0GS3GNdA= Go Daddy Root Certificate Authority - G2 +pRovOgUOg4pQUGlleNu+2qwaEH7i2dSPrlBdGNDaXPg= +Gno6GmjdI2Hj87uFXzsm/NiLGX2N1N4Gzxs2KsiewTs= Hellenic Academic and Research Institutions RootCA 2011 +NsIjFBMaX78bcOpMz0vBOnd9k47GXh2iTjws/QHT0WM= Hongkong Post Root CA 1 +olpyFMK2yGFCraOd/y1z2GWqV4Q/3S23ez/r+CaD3i0= I.CA - Qualified Certification Authority, 09/2009 +B+hU8mp8vTiZJ6oEG/7xts0h3RQ4GK2UfcZVqeWH/og= IdenTrust Commercial Root CA 1 +lAcq0/WPcPkwmOWl9sBMlscQvYSdgxhJGa6Q64kK5AA= AffirmTrust Networking +WN1h/rNup9JYckNxcJFJyxITN4ZMrLLQmZrSBznQZHc= IdenTrust Public Sector Root CA 1 +lSwgOcAkPrUV3XPYP8NkMYSHT+sIYqmDdzHtm0dC4Xo= Izenpe.com +KJa03b5hRXGDzH7Se9eKxQogf2kBxcUuU9wWdvm7HgY= Izenpe.com +lSwgOcAkPrUV3XPYP8NkMYSHT+sIYqmDdzHtm0dC4Xo= Izenpe.com +y+WsFdiLXKw/gebfO/tXvqYJWIE6R7d/PFy2uYGRvbU= Juur-SK +x0YSfF9rUpzp4pSO/ZRlRECJMZrPA/NNC/N+rcd9si8= KISA RootCA 1 +YWFnIBQzrqbI5eMHCvyvZ0kYj4FL0auxea6NrTq/Juw= Microsec e-Szigno Root CA 2009 +9Iut199qBmkNCuMTc7EoVfje2xRRfzYqMTEBzJjMazU= NetLock Arany (Class Gold) Főtanúsítvány +pAA71b3YlOAajgHga2LHqoLwPeUlMTNXCq1P0OfYHTw= NetLock Kozjegyzoi (Class A) Tanusitvanykiado +MtGA7THJNVieydu7ciEjuIO1/C3BD5/KOpXXfhv8tTQ= Network Solutions Certificate Authority +x/Q7TPW3FWgpT4IrU3YmBfbd0Vyt7Oc56eLDy6YenWc= AffirmTrust Premium +vRU+17BDT2iGsXvOi76E7TQMcTLXAqj0+jGPdW7L1vM= AAA Certificate Services +ziTrBibe/YFoyWp3AfCTAWAP5d0NvOWOnJe4MK8C7yg= OISTE WISeKey Global Root GA CA +hqaPBQA0EmpUDTnbLF+RfvZqlPuWGfoezYJ86ka6DLA= QuoVadis Root CA 1 G3 +j9ESw8g3DxR9XM06fYZeuN1UB4O6xp/GAIjjdD/zM3g= QuoVadis Root CA 2 +SkntvS+PgjC9VZKzE1c/4cFypF+pgBHMHt27Nq3j/OU= QuoVadis Root CA 2 G3 +DHrKpxAiZyC7yUA0nuLmFIZSqJ2/QGojLIlfbceOu5o= QuoVadis Root CA 3 +80OOI7POUyUi+s8weSP1j9GGCOm6et3DDpUrQ8SWFsM= QuoVadis Root CA 3 G3 +vj23t5v+V53PmwfKTK11r/FpdVaOW0XPyuTWH7Yxdag= QuoVadis Root Certification Authority +tKA56vxDELqb3gk+24+dnQs9THwATUgojDXbzBlGfRg= +RpHL/ehKa2BS3b4VK7DCFq4lqG5XR4E9vA8UfzOFcL4= Secure Certificate Services +JZaQTcTWma4gws703OR/KFk313RkrDcHRvUt6na6DCg= Secure Global CA +MhmwkRT/SVo+tusAwu/qs0ACrl8KVsdnnqCHo/oDfk8= AffirmTrust Premium ECC +dykHF2FLJfEpZOvbOLX4PKrcD2w2sHd/iA/G3uHTOcw= SecureTrust CA +ZUT/mttkLEw2mKYNgUO2uTvO8BNltUD2FNzCpFq5TTE= +KkISYFqj6K7LD8GYBs87QLU7lfGjTbvW4+0nIwMkq7M= +M4BwmvOwlr48wqQFSBQsClIAKNsJ4st3riIGYWq2y7Q= +qhwr7bGlCLqtf7P14CiXuQfHSN6pt5CJBKrb0El6q2o= Sonera Class1 CA +0qXzLw4BuRDvTjtGv4Tlr1+1aJ59FQfpKeNorIjGzHY= Sonera Class2 CA +lR7gRvqDMW5nhsCMRPE7TKLq0tJkTWMxQ5HAzHCIfQ0= Staat der Nederlanden EV Root CA +Bed+8f3+BeLcpSLK5k2DeaBBt7TxbHyuNgZ6f3KhSHI= Staat der Nederlanden Root CA - G2 +QiOJQAOogcXfa6sWPbI1wiGhjVS/dZlFgg5nDaguPzk= Staat der Nederlanden Root CA - G3 +FfFKxFycfaIz00eRZOgTf+Ne4POK6FgYPwhBDqgqxLQ= +hdJr6Q2TT8zbT/ezjYx5ynZSuBbWpSRGyoQoprhdxXw= ANF Global Root CA +gI1os/q0iEpflxrOfRBVDXqVoWN3Tz7Dav/7IT++THQ= Starfield Root Certificate Authority - G2 +KwccWaCgrnaw6tsrrSO61FgLacNgG2MMLq8GE6+oP5I= Starfield Services Root Certificate Authority - G2 +5C8kvU039KouVrl52D0eZSGf4Onjo4Khs8tmyTlV3nU= StartCom Certification Authority +5C8kvU039KouVrl52D0eZSGf4Onjo4Khs8tmyTlV3nU= StartCom Certification Authority +FSg5faISiQqDCwuVpZlozvI0dzd531GBzxD6ZHU0u2U= StartCom Certification Authority G2 +NJn5P9OUUjv7HsTDrU37MQEx++nuVHa95ild6AjV3Y8= Swisscom Root CA 1 +y26RcRrW1VyJBvN5ywcftcR5M2VKdBVhLu5mKfJvvNc= Swisscom Root CA 2 +9GPFTZ8aBHrtUmVqx4Xgfr7FKOAge/0/VdiTI3Zo9q4= Swisscom Root EV CA 2 +QPz8KIddzL/ry99s10MzEtpjxO/PO9extQXCICCuAnQ= SwissSign Gold CA - G2 +fx3siwMZVIoFbeW7UhvZPrdOanbyjf+3W0WlO3da96s= SwissSign Gold Root CA - G3 +60mT76mwieWTQYqok/jpOnN02BDlL8vgHn8dfpKm0CQ= Apple Root CA +KovtMq5oDS0Ye5p6/Rcdg/0Lk16vniwbQ+gCeNIGPjk= SwissSign Platinum CA - G2 +ipA7YAoICzjf4g37as0jEi9kYg5YCLn8hoiVL8GjVZw= SwissSign Platinum Root CA - G3 +kxgib4yDr+R/X0fCT1nOEtuoxzsYG+5rLqH0Cga8GGk= SwissSign Silver CA - G2 +hKrAk+CMSdv/+OVgdZJI2+ZxNbNysj0qiB1fmcuxkeg= SwissSign Silver Root CA - G3 +MVEmgCM/XyofKUN/VtSYjPCvxBzGxdpidZKOnAvq3ic= Symantec Class 1 Public Primary Certification Authority - G4 +0vkaBOOmHU6teEjI1DteEVLYhXJ0ibxlc4tnwKInhac= Symantec Class 1 Public Primary Certification Authority - G6 +MCeimPpXMU3A490QGUEbj0BMQ8P5NM4734VlEsgKoVw= Symantec Class 2 Public Primary Certification Authority - G4 +ryB8Yf2cfPksKv6BVCgtw/LL8y91zRcoFMUrA7frwlg= Symantec Class 2 Public Primary Certification Authority - G6 +gJ8rquNa+082vWR2znXCABB3kBtq9cTauC4YjGuVwaE= Symantec Class 3 Public Primary Certification Authority - G4 +lXNUc71no7lajV+QxaIazh4NeUcyBnTUq4R5crkVRNI= Symantec Class 3 Public Primary Certification Authority - G6 +Z0A55HJWGWPIywDSGpepChi7ihxMMXrGfjgqZSu1c8A= Apple Root CA - G2 +vM6OK7rucbY1jd1kHLv8Jd5FQAMAYnH3W1C3JtZ8O8k= SZAFIR ROOT CA +YQbA46CimYMYdRJ719PMGFmAPVEcrBHrbghA3RZvwQ4= T-TeleSec GlobalRoot Class 2 +jXZ3ZLPL2giSnQcqIqVh9NzdG8V9PL3clIxH0rR/kSI= T-TeleSec GlobalRoot Class 3 +rPZeHWLLWKK6/W/6tA+4hpnEc5fPXLSD1C1pytNM1Is= TC TrustCenter Class 2 CA II +k5KuIUmSSt435kXbof9L3dzaKykbYJdmnSr6XHo3Jhk= TC TrustCenter Class 3 CA II +a4belqZYpWggpPNdkNtsPv3VdM6UuQnLDX/xfDwYnYM= TC TrustCenter Class 4 CA II +st71NirT+s0EvSkEekOET3ZwNOpIkvgOVr7mkCQ+JQI= TC TrustCenter Universal CA I +qzmksCWVVpGkAmnzU/odXLlOr2x+qYCEhLu7Yv2faPM= TC TrustCenter Universal CA II +q1zbM1Y5c1bW5pGXPCW4YYtl12qQSG6nqKXBd2f0Zzo= TC TrustCenter Universal CA III +ELo0hcqLtogKuVMaQGPkABVVVhx/LgVRZfSbLXT8X2s= TeliaSonera Root CA v1 +myGdD7/zal+zIJBXGQa87qaGF8gzo/YbgeliqOZNuK8= Apple Root CA - G3 +HXXQgxueCIU5TTLHob/bPbwcKOKw6DkfsTWYHbxbqTY= thawte Primary Root CA +Z9xPMvoQ59AaeaBzqgyeAhLsL/w9d54Kp/nA8OHCyJM= thawte Primary Root CA - G2 +GQbGEk27Q4V40A4GbVBUxsN/D6YCjAVUXgmU7drshik= thawte Primary Root CA - G3 +R8ehScqC+nupQKTXEdAQYlxssLdIsXAWxG4lznrNKww= TRUST2408 OCES Primary CA +4tiR77c4ZpEF1TDeXtcuKyrD9KZweLU0mz/ayklvXrg= Trusted Certificate Services +qHRDs9iW6yV8zOmbla2pvIG5204xQqqama8JQssKSjo= +FefnF7Qo/u4686/ZFQ261JcAjTo/8BaWRxmQe9sBpkU= TÜBİTAK UEKAE Kök Sertifika Hizmet Sağlayıcısı - Sürüm 3 +0Hc622AEPpVDCdlxT+BT6q2KpblYbtukaOJ234IGWt8= TÜRKTRUST Elektronik Sertifika Hizmet Sağlayıcısı +xES1tmzl1x4bXkDyc4XJXL/SSgW1b3DKwJkvD1DDN5w= TWCA Global Root CA +ksRoeWJu8swezqUMcvteOFhECV8hy/Oyg8uC5rn8alg= TWCA Root Certification Authority +60mT76mwieWTQYqok/jpOnN02BDlL8vgHn8dfpKm0CQ= Apple Root Certificate Authority +zEmXhjyMSKTLXD5lN9wGAo2GOL5J9fiiulby8siox3k= UCA Global Root +qGvauPSAtuuJQquRcL3QmRlxp60TXfu8tyhfB6fR44o= UCA Root +QAL80xHQczFWfnG82XHkYEjI3OjRZZcRdTs9qiommvo= UTN - DATACorp SGC +Laj56jRU0hFGRko/nQKNxMf7tXscUsc8KwVyovWZotM= UTN-USERFirst-Client Authentication and Email +TUDnr0MEoJ3of7+YliBMBVFB4/gJsv5zO7IxD9+YoWI= UTN-USERFirst-Hardware +gamPx4jDX1V2RalSJOUM0drI/7IJ3B5WiKopIF8TIhg= UTN-USERFirst-Network Applications +D+FMJksXu28NZT56cOs2Pb9UvhWAOe3a5cJXEd9IwQM= UTN-USERFirst-Object +IgduWu9Eu5pBaii30cRDItcFn2D+/6XK9sW+hEeJEwM= VeriSign Class 1 Public Primary Certification Authority - G3 +cAajgxHlj7GTSEIzIYIQxmEloOSoJq7VOaxWHfv72QM= VeriSign Class 2 Public Primary Certification Authority - G3 +SVqWumuteCQHvVIaALrOZXuzVVVeS7f4FGxxu6V+es4= VeriSign Class 3 Public Primary Certification Authority - G3 +xWl76RzWVVObVgdY6RtuCFRhYjdBA0xIXkfX6dJaA8A= +UZJDjsNp1+4M5x9cbbdflB779y5YRBcV6Z6rBMLIrO4= VeriSign Class 3 Public Primary Certification Authority - G4 +JbQbUG5JMJUoI6brnx0x3vZF6jilxsapbXGVfjhN8Fg= VeriSign Class 3 Public Primary Certification Authority - G5 +VnuCEf0g09KD7gzXzgZyy52ZvFtIeljJ1U7Gf3fUqPU= VeriSign Class 4 Public Primary Certification Authority - G3 +lnsM2T/O9/J84sJFdnrpsFp3awZJ+ZZbYpCWhGloaHI= VeriSign Universal Root Certification Authority +puEf8V7DJqXj8YrTOgVmlNyExpl2bQKKWtDv4ajlOsc= Visa eCommerce Root +LgCRWp974GqyNwx7fCAMCpbVrGpQzhh02+/eQCLU3o4= Visa Information Delivery Root CA +AGyyJqdyxxgtd3I4Pjc/DyKeff40RIEKjW5QkF0g1mE= VRK Gov. Root CA +qZlyzh9sWB0Al/YmGAYuUxV7Unbh7GZRoxVwV/BXszk= WellsSecure Public Root Certificate Authority +BRz5+pXkDpuD7a7aaWH2Fox4ecRmAXJHnN1RqwPOpis= XRamp Global Certification Authority +bz4Hf+VQRkbAGRr85JTk62gYPjmPWk3AVmn4tubmgv4= +cZz1s2GS573mUMyRNB5vZJ27jD7ki6yql/oOBbY3S0E= ApplicationCA2 Root +Ow1ztL5KhUrcPlHX75+kiu+7LN2CTWe9x9fQmiq8LUM= Autoridad de Certificacion Firmaprofesional CIF A62634068 +JdSRPPWHCXQU0p0m9sGxlCzW1k6vRdD8+BUmrbqW0yQ= Actalis Authentication Root CA +ZZyzaKxWmYvQevLK/F+5P455R0rMwqbPGsnyGS0TY2A= Autoridad de Certificacion Raiz del Estado Venezolano +Y9mvm0exBk1JoQ57f9Vm28jKo5lFm/woKcVxrYxu80o= Baltimore CyberTrust Root ++OX5BbyTmREme4PVCBSpAyO1Hhg2KdtS1PwtVGilpXg= Belgium Root CA2 +tjjP8FyKgydY7cMCivni1VUUVovGuzSrNtFAuXrGsS0= Buypass Class 2 CA 1 +WVWuKRV0qTE0LPdFDhZlLt4eD7MJfhVx36wRyRVgFWQ= Buypass Class 2 Root CA +sD2HsFbQjMnU5nXvGcqDq1NTIWioJYWYvnLm2Fx918E= Buypass Class 3 Root CA +S9xjb0jSH7aMWjzUogaFeIBDvbUk5+hNQZLEUe40KbU= CA Disig +a8/IbI3cKvLmoRgKLdq7N7fqN1Uxa2S5uJUb8Mo1HwY= CA Disig Root R1 +cCEWzNi/I+FkZvDg26DtaiOanBzWqPWmazmvNZUCA4U= CA Disig Root R2 +UQ0g5cR/Y89mayD2GvYrwJmkKsgk/6RDotp8kLGAipE= Certigna +BStocQfshOhzA4JFLsKidFF0XXSFpX1vRk4Np6G2ryo= AddTrust Class 1 CA Root +NuzGH8fl8ZI9Fn5n3940YIVJs0pjx8bmD/1cGEA4H1w= Certinomis - Autorité Racine +axpQXgJG8vYMSQ/wwJenvichDLt1ACN/iLDNSCmLybg= Certinomis - Root CA +28HjoVI4oEg7zbj97GFuA+cFpI4qUBFXyt87nHMRxeU= +lzasOyXRbEWkVBipZFeBVkgKjMQ0VB3cXdWSMyKYaN4= Certum CA +qiYwp7YXsE0KKUureoyqpQFubb5gSDeoOoVxn6tmfrU= Certum Trusted Network CA +aztX6eyI0bs9AWN/8zx2mLPJdYJV6fAeqRePPn87K1I= Certum Trusted Network CA 2 +iir/vRocXRvcy7f1SLqZX5ZoBrP9DDoA+uLlLzyFOYk= Chambers of Commerce Root +ztQ5AqtftXtEIyLcDhcqT7VfcXi4CPlOeApv1sxr2Bg= Chambers of Commerce Root - 2008 +jtW0wEG2spPA5kEwFQZtMYSDyQH/aehqUh0MslVp8+g= Cisco Root CA 2048 +dy/Myn0WRtYGKBNP8ubn9boJWJi+WWmLzp0V+W9pqfM= Class 2 Primary CA +lCppFqbkrlJ3EcVFAkeip0+44VaoJUymbnOaEUk7tEU= AddTrust External CA Root +mACOLtu3K61C2i/LBqwaqgsubgxy6MogT7r9G7SHlEE= Common Policy +AG1751Vd2CAmRCxPGieoDomhmJy4ezREjtIZTBgZbV4= COMODO Certification Authority +aMNpIhRyTUtVp2D0cLT8qLXg/h1ynP8i/rTKiKzTmAk= ComSign CA +wGyHL8LQrAjXjUIZgfvaTjVQDQlG95iU7dIawp3sBxk= ComSign Global Root CA +zwtHSs6Eafq6QC8C7r354XANnL6L5OQ0hAe2ndMZbpQ= ComSign Secured CA +7KDxgUAs56hlKzG00DbfJH46MLf0GlDZHsT5CwBrQ6E= D-TRUST Root Class 3 CA 2 2009 +/zQvtsTIvTCkcG9zSJU58Z5uSMwF9GJUZU9mENvFQOk= D-TRUST Root Class 3 CA 2 EV 2009 +0d4q5hyN8vpiOWYWPUxz1GC/xCjldYW+a/65pWMj0bY= Deutsche Telekom Root CA 2 +gNv7l73Tkmuu5B9zxViPqhfXB7A630kHorxnfz7xcXw= Developer ID Certification Authority +I/Lt/z7ekCWanjD0Cvj5EqXls2lOaThEA0H2Bg4BT/o= DigiCert Assured ID Root CA +OGHXtpYfzbISBFb/b8LrdwSxp0G0vZM6g3b14ZFcppg= AddTrust Public CA Root +8ca6Zwz8iOTfUpc8rkIPCgid1HQUT+WAbEIAZOFZEik= DigiCert Assured ID Root G2 +Fe7TOVlLME+M+Ee0dzcdjW/sYfTbKwGvWJ58U7Ncrkw= DigiCert Assured ID Root G3 +r/mIkG3eEpVdm+u/ko/cwxzOMo1bk4TyHIlByibiA5E= DigiCert Global Root CA +i7WTqTvh0OioIruIfFR4kMPnBqrS2rdiVPl/s2uC/CY= DigiCert Global Root G2 +uUwZgwDOxcBXrQcntwu+kYFpkiVkOaezL0WYEZ3anJc= DigiCert Global Root G3 +WoiWRyIOVNa9ihaBciRSC7XHjliYS9VwUGOIud4PB18= DigiCert High Assurance EV Root CA +Wd8xe/qfTwq3ylFNd3IpaqLHZbh2ZNCLluVzmeNkcpw= DigiCert Trusted Root G4 +itsjhVSgy/w6Ef7MGD480sI9JeeJTPK7rljrcKROfPM= DoD Root CA 2 +PDXhZL7dLPEr64Ps/3i16A2oFY0oMCF+Tr/86JKImaY= DST ACES CA X6 +Vjs8r4z+80wjNcr1YKepWQboSIRi63WsWXhIMN+eWys= DST Root CA X3 +xzr8Lrp3DQy8HuQfJStS6Kk9ErctzOwDHY2DnL+Bink= AddTrust Qualified CA Root +mLPxCgJQQZEPGXzxfKD83+11+yyMFKhD4E1WVsnrrBo= DST Root CA X4 +wa0bGJjsOVBI3wcL+iF+JckTvtjKa3PeCFUohGoBA8E= E-Tugra Certification Authority +NVHeWKfXnNmAKD34F5DWOpgsGmOzBILsWCHbdmFVTvk= EBG Elektronik Sertifika Hizmet Sağlayıcısı +MJ8T1J6mb1IyQbVVJHREZOKMwbgu95tk5NWBiA3Ndx8= Echoworx Root CA2 +VhdNOtlxqJRJZLGJgR8wCEk6apBCLjxYBOyDjU+U9iI= EE Certification Centre Root CA +bb+uANN7nNc/j7R95lkXrwDg3d9C286sIMF8AnXuIJU= Entrust Root Certification Authority +/qK31kX7pz11PB7Jp4cMQOH3sMVh6Se5hb9xGGbjbyI= Entrust Root Certification Authority - EC1 +du6FkDdMcVQ3u8prumAo6t3i3G27uMP2EOhR8R0at/U= Entrust Root Certification Authority - G2 +HqPF5D7WbC2imDpCpKebHpBnhs6fG1hiFBmgBGOofTg= Entrust.net Certification Authority (2048) +HqPF5D7WbC2imDpCpKebHpBnhs6fG1hiFBmgBGOofTg= Entrust.net Certification Authority (2048) +P6t4T8PJq57twS7NwNtVD0w9v9PobXiBUzPF66UYy50= Admin-Root-CA +YlVMFwBVQ7I3IV8EJo3NL9HEcCQK08hmDiWuLFljD1U= +jotW9ZGKJb2F3OdmY/2UzCNpDxDqlYZhMXHG+DeIkNU= Federal Common Policy CA +h6801m+z8v3zbgkRHpq6L29Esgfzhj89C1SyUCOQmqU= GeoTrust Global CA +SQVGZiOrQXi+kqxcvWWE96HhfydlLVqFr4lQTqI5qqo= GeoTrust Primary Certification Authority +vPtEqrmtAhAVcGtBIep2HIHJ6IlnWQ9vlK50TciLePs= GeoTrust Primary Certification Authority - G2 +q5hJUnat8eyv8o81xTBIeB5cFxjaucjmelBPT2pRMo8= GeoTrust Primary Certification Authority - G3 +Tq2ptTEecYGZ2Y6oK5UAXLqTGYqx+X78vo3GIBYo+K8= Global Chambersign Root +knobhWIoBXbQSMUDIa2kPYcD0tlSGhjCi4xGzGquTv0= Global Chambersign Root - 2008 +cGuxAXyFXFkWm61cF4HPWX8S0srS9j0aSqN0k4AP+4A= GlobalSign +CLOmM1/OXvSPjw5UOYbAf9GKOxImEp9hhku9W90fHMk= GlobalSign +bEZLmlsjOl6HTadlwm8EUBDS3c/0V5TwtMfkqvpQFJU= AffirmTrust Commercial +fg6tdrtoGdwvVFEahDVPboswe53YIFjqbABPAdndpd8= GlobalSign +iie1VXtL7HzAMF+/PVPR9xzT80kQxdZeJ+zduCB3uj0= GlobalSign +K87oWBWM9UZfyddvDfoxL+8lpNyoUB2ptGtn0fv6G2Q= GlobalSign Root CA +VjLZe/p3W/PJnd6lL8JVNBCGQBZynFLdZSTIqcO0SJ8= +Ko8tivDrEjiY90yGasP6ZpBU4jwXvHqVvQI0GS3GNdA= Go Daddy Root Certificate Authority - G2 +pRovOgUOg4pQUGlleNu+2qwaEH7i2dSPrlBdGNDaXPg= +Gno6GmjdI2Hj87uFXzsm/NiLGX2N1N4Gzxs2KsiewTs= Hellenic Academic and Research Institutions RootCA 2011 +NsIjFBMaX78bcOpMz0vBOnd9k47GXh2iTjws/QHT0WM= Hongkong Post Root CA 1 +olpyFMK2yGFCraOd/y1z2GWqV4Q/3S23ez/r+CaD3i0= I.CA - Qualified Certification Authority, 09/2009 +B+hU8mp8vTiZJ6oEG/7xts0h3RQ4GK2UfcZVqeWH/og= IdenTrust Commercial Root CA 1 +lAcq0/WPcPkwmOWl9sBMlscQvYSdgxhJGa6Q64kK5AA= AffirmTrust Networking +WN1h/rNup9JYckNxcJFJyxITN4ZMrLLQmZrSBznQZHc= IdenTrust Public Sector Root CA 1 +lSwgOcAkPrUV3XPYP8NkMYSHT+sIYqmDdzHtm0dC4Xo= Izenpe.com +KJa03b5hRXGDzH7Se9eKxQogf2kBxcUuU9wWdvm7HgY= Izenpe.com +lSwgOcAkPrUV3XPYP8NkMYSHT+sIYqmDdzHtm0dC4Xo= Izenpe.com +y+WsFdiLXKw/gebfO/tXvqYJWIE6R7d/PFy2uYGRvbU= Juur-SK +x0YSfF9rUpzp4pSO/ZRlRECJMZrPA/NNC/N+rcd9si8= KISA RootCA 1 +YWFnIBQzrqbI5eMHCvyvZ0kYj4FL0auxea6NrTq/Juw= Microsec e-Szigno Root CA 2009 +9Iut199qBmkNCuMTc7EoVfje2xRRfzYqMTEBzJjMazU= NetLock Arany (Class Gold) Főtanúsítvány +pAA71b3YlOAajgHga2LHqoLwPeUlMTNXCq1P0OfYHTw= NetLock Kozjegyzoi (Class A) Tanusitvanykiado +MtGA7THJNVieydu7ciEjuIO1/C3BD5/KOpXXfhv8tTQ= Network Solutions Certificate Authority +x/Q7TPW3FWgpT4IrU3YmBfbd0Vyt7Oc56eLDy6YenWc= AffirmTrust Premium +vRU+17BDT2iGsXvOi76E7TQMcTLXAqj0+jGPdW7L1vM= AAA Certificate Services +ziTrBibe/YFoyWp3AfCTAWAP5d0NvOWOnJe4MK8C7yg= OISTE WISeKey Global Root GA CA +hqaPBQA0EmpUDTnbLF+RfvZqlPuWGfoezYJ86ka6DLA= QuoVadis Root CA 1 G3 +j9ESw8g3DxR9XM06fYZeuN1UB4O6xp/GAIjjdD/zM3g= QuoVadis Root CA 2 +SkntvS+PgjC9VZKzE1c/4cFypF+pgBHMHt27Nq3j/OU= QuoVadis Root CA 2 G3 +DHrKpxAiZyC7yUA0nuLmFIZSqJ2/QGojLIlfbceOu5o= QuoVadis Root CA 3 +80OOI7POUyUi+s8weSP1j9GGCOm6et3DDpUrQ8SWFsM= QuoVadis Root CA 3 G3 +vj23t5v+V53PmwfKTK11r/FpdVaOW0XPyuTWH7Yxdag= QuoVadis Root Certification Authority +tKA56vxDELqb3gk+24+dnQs9THwATUgojDXbzBlGfRg= +RpHL/ehKa2BS3b4VK7DCFq4lqG5XR4E9vA8UfzOFcL4= Secure Certificate Services +JZaQTcTWma4gws703OR/KFk313RkrDcHRvUt6na6DCg= Secure Global CA +MhmwkRT/SVo+tusAwu/qs0ACrl8KVsdnnqCHo/oDfk8= AffirmTrust Premium ECC +dykHF2FLJfEpZOvbOLX4PKrcD2w2sHd/iA/G3uHTOcw= SecureTrust CA +ZUT/mttkLEw2mKYNgUO2uTvO8BNltUD2FNzCpFq5TTE= +KkISYFqj6K7LD8GYBs87QLU7lfGjTbvW4+0nIwMkq7M= +M4BwmvOwlr48wqQFSBQsClIAKNsJ4st3riIGYWq2y7Q= +qhwr7bGlCLqtf7P14CiXuQfHSN6pt5CJBKrb0El6q2o= Sonera Class1 CA +0qXzLw4BuRDvTjtGv4Tlr1+1aJ59FQfpKeNorIjGzHY= Sonera Class2 CA +lR7gRvqDMW5nhsCMRPE7TKLq0tJkTWMxQ5HAzHCIfQ0= Staat der Nederlanden EV Root CA +Bed+8f3+BeLcpSLK5k2DeaBBt7TxbHyuNgZ6f3KhSHI= Staat der Nederlanden Root CA - G2 +QiOJQAOogcXfa6sWPbI1wiGhjVS/dZlFgg5nDaguPzk= Staat der Nederlanden Root CA - G3 +FfFKxFycfaIz00eRZOgTf+Ne4POK6FgYPwhBDqgqxLQ= +hdJr6Q2TT8zbT/ezjYx5ynZSuBbWpSRGyoQoprhdxXw= ANF Global Root CA +gI1os/q0iEpflxrOfRBVDXqVoWN3Tz7Dav/7IT++THQ= Starfield Root Certificate Authority - G2 +KwccWaCgrnaw6tsrrSO61FgLacNgG2MMLq8GE6+oP5I= Starfield Services Root Certificate Authority - G2 +5C8kvU039KouVrl52D0eZSGf4Onjo4Khs8tmyTlV3nU= StartCom Certification Authority +5C8kvU039KouVrl52D0eZSGf4Onjo4Khs8tmyTlV3nU= StartCom Certification Authority +FSg5faISiQqDCwuVpZlozvI0dzd531GBzxD6ZHU0u2U= StartCom Certification Authority G2 +NJn5P9OUUjv7HsTDrU37MQEx++nuVHa95ild6AjV3Y8= Swisscom Root CA 1 +y26RcRrW1VyJBvN5ywcftcR5M2VKdBVhLu5mKfJvvNc= Swisscom Root CA 2 +9GPFTZ8aBHrtUmVqx4Xgfr7FKOAge/0/VdiTI3Zo9q4= Swisscom Root EV CA 2 +QPz8KIddzL/ry99s10MzEtpjxO/PO9extQXCICCuAnQ= SwissSign Gold CA - G2 +fx3siwMZVIoFbeW7UhvZPrdOanbyjf+3W0WlO3da96s= SwissSign Gold Root CA - G3 +60mT76mwieWTQYqok/jpOnN02BDlL8vgHn8dfpKm0CQ= Apple Root CA +KovtMq5oDS0Ye5p6/Rcdg/0Lk16vniwbQ+gCeNIGPjk= SwissSign Platinum CA - G2 +ipA7YAoICzjf4g37as0jEi9kYg5YCLn8hoiVL8GjVZw= SwissSign Platinum Root CA - G3 +kxgib4yDr+R/X0fCT1nOEtuoxzsYG+5rLqH0Cga8GGk= SwissSign Silver CA - G2 +hKrAk+CMSdv/+OVgdZJI2+ZxNbNysj0qiB1fmcuxkeg= SwissSign Silver Root CA - G3 +MVEmgCM/XyofKUN/VtSYjPCvxBzGxdpidZKOnAvq3ic= Symantec Class 1 Public Primary Certification Authority - G4 +0vkaBOOmHU6teEjI1DteEVLYhXJ0ibxlc4tnwKInhac= Symantec Class 1 Public Primary Certification Authority - G6 +MCeimPpXMU3A490QGUEbj0BMQ8P5NM4734VlEsgKoVw= Symantec Class 2 Public Primary Certification Authority - G4 +ryB8Yf2cfPksKv6BVCgtw/LL8y91zRcoFMUrA7frwlg= Symantec Class 2 Public Primary Certification Authority - G6 +gJ8rquNa+082vWR2znXCABB3kBtq9cTauC4YjGuVwaE= Symantec Class 3 Public Primary Certification Authority - G4 +lXNUc71no7lajV+QxaIazh4NeUcyBnTUq4R5crkVRNI= Symantec Class 3 Public Primary Certification Authority - G6 +Z0A55HJWGWPIywDSGpepChi7ihxMMXrGfjgqZSu1c8A= Apple Root CA - G2 +vM6OK7rucbY1jd1kHLv8Jd5FQAMAYnH3W1C3JtZ8O8k= SZAFIR ROOT CA +YQbA46CimYMYdRJ719PMGFmAPVEcrBHrbghA3RZvwQ4= T-TeleSec GlobalRoot Class 2 +jXZ3ZLPL2giSnQcqIqVh9NzdG8V9PL3clIxH0rR/kSI= T-TeleSec GlobalRoot Class 3 +rPZeHWLLWKK6/W/6tA+4hpnEc5fPXLSD1C1pytNM1Is= TC TrustCenter Class 2 CA II +k5KuIUmSSt435kXbof9L3dzaKykbYJdmnSr6XHo3Jhk= TC TrustCenter Class 3 CA II +a4belqZYpWggpPNdkNtsPv3VdM6UuQnLDX/xfDwYnYM= TC TrustCenter Class 4 CA II +st71NirT+s0EvSkEekOET3ZwNOpIkvgOVr7mkCQ+JQI= TC TrustCenter Universal CA I +qzmksCWVVpGkAmnzU/odXLlOr2x+qYCEhLu7Yv2faPM= TC TrustCenter Universal CA II +q1zbM1Y5c1bW5pGXPCW4YYtl12qQSG6nqKXBd2f0Zzo= TC TrustCenter Universal CA III +ELo0hcqLtogKuVMaQGPkABVVVhx/LgVRZfSbLXT8X2s= TeliaSonera Root CA v1 +myGdD7/zal+zIJBXGQa87qaGF8gzo/YbgeliqOZNuK8= Apple Root CA - G3 +HXXQgxueCIU5TTLHob/bPbwcKOKw6DkfsTWYHbxbqTY= thawte Primary Root CA +Z9xPMvoQ59AaeaBzqgyeAhLsL/w9d54Kp/nA8OHCyJM= thawte Primary Root CA - G2 +GQbGEk27Q4V40A4GbVBUxsN/D6YCjAVUXgmU7drshik= thawte Primary Root CA - G3 +R8ehScqC+nupQKTXEdAQYlxssLdIsXAWxG4lznrNKww= TRUST2408 OCES Primary CA +4tiR77c4ZpEF1TDeXtcuKyrD9KZweLU0mz/ayklvXrg= Trusted Certificate Services +qHRDs9iW6yV8zOmbla2pvIG5204xQqqama8JQssKSjo= +FefnF7Qo/u4686/ZFQ261JcAjTo/8BaWRxmQe9sBpkU= TÜBİTAK UEKAE Kök Sertifika Hizmet Sağlayıcısı - Sürüm 3 +0Hc622AEPpVDCdlxT+BT6q2KpblYbtukaOJ234IGWt8= TÜRKTRUST Elektronik Sertifika Hizmet Sağlayıcısı +xES1tmzl1x4bXkDyc4XJXL/SSgW1b3DKwJkvD1DDN5w= TWCA Global Root CA +ksRoeWJu8swezqUMcvteOFhECV8hy/Oyg8uC5rn8alg= TWCA Root Certification Authority +60mT76mwieWTQYqok/jpOnN02BDlL8vgHn8dfpKm0CQ= Apple Root Certificate Authority +zEmXhjyMSKTLXD5lN9wGAo2GOL5J9fiiulby8siox3k= UCA Global Root +qGvauPSAtuuJQquRcL3QmRlxp60TXfu8tyhfB6fR44o= UCA Root +QAL80xHQczFWfnG82XHkYEjI3OjRZZcRdTs9qiommvo= UTN - DATACorp SGC +Laj56jRU0hFGRko/nQKNxMf7tXscUsc8KwVyovWZotM= UTN-USERFirst-Client Authentication and Email +TUDnr0MEoJ3of7+YliBMBVFB4/gJsv5zO7IxD9+YoWI= UTN-USERFirst-Hardware +gamPx4jDX1V2RalSJOUM0drI/7IJ3B5WiKopIF8TIhg= UTN-USERFirst-Network Applications +D+FMJksXu28NZT56cOs2Pb9UvhWAOe3a5cJXEd9IwQM= UTN-USERFirst-Object +IgduWu9Eu5pBaii30cRDItcFn2D+/6XK9sW+hEeJEwM= VeriSign Class 1 Public Primary Certification Authority - G3 +cAajgxHlj7GTSEIzIYIQxmEloOSoJq7VOaxWHfv72QM= VeriSign Class 2 Public Primary Certification Authority - G3 +SVqWumuteCQHvVIaALrOZXuzVVVeS7f4FGxxu6V+es4= VeriSign Class 3 Public Primary Certification Authority - G3 +xWl76RzWVVObVgdY6RtuCFRhYjdBA0xIXkfX6dJaA8A= +UZJDjsNp1+4M5x9cbbdflB779y5YRBcV6Z6rBMLIrO4= VeriSign Class 3 Public Primary Certification Authority - G4 +JbQbUG5JMJUoI6brnx0x3vZF6jilxsapbXGVfjhN8Fg= VeriSign Class 3 Public Primary Certification Authority - G5 +VnuCEf0g09KD7gzXzgZyy52ZvFtIeljJ1U7Gf3fUqPU= VeriSign Class 4 Public Primary Certification Authority - G3 +lnsM2T/O9/J84sJFdnrpsFp3awZJ+ZZbYpCWhGloaHI= VeriSign Universal Root Certification Authority +puEf8V7DJqXj8YrTOgVmlNyExpl2bQKKWtDv4ajlOsc= Visa eCommerce Root +LgCRWp974GqyNwx7fCAMCpbVrGpQzhh02+/eQCLU3o4= Visa Information Delivery Root CA +AGyyJqdyxxgtd3I4Pjc/DyKeff40RIEKjW5QkF0g1mE= VRK Gov. Root CA +qZlyzh9sWB0Al/YmGAYuUxV7Unbh7GZRoxVwV/BXszk= WellsSecure Public Root Certificate Authority +BRz5+pXkDpuD7a7aaWH2Fox4ecRmAXJHnN1RqwPOpis= XRamp Global Certification Authority +bz4Hf+VQRkbAGRr85JTk62gYPjmPWk3AVmn4tubmgv4= +cZz1s2GS573mUMyRNB5vZJ27jD7ki6yql/oOBbY3S0E= ApplicationCA2 Root +Ow1ztL5KhUrcPlHX75+kiu+7LN2CTWe9x9fQmiq8LUM= Autoridad de Certificacion Firmaprofesional CIF A62634068 +JdSRPPWHCXQU0p0m9sGxlCzW1k6vRdD8+BUmrbqW0yQ= Actalis Authentication Root CA +ZZyzaKxWmYvQevLK/F+5P455R0rMwqbPGsnyGS0TY2A= Autoridad de Certificacion Raiz del Estado Venezolano +Y9mvm0exBk1JoQ57f9Vm28jKo5lFm/woKcVxrYxu80o= Baltimore CyberTrust Root ++OX5BbyTmREme4PVCBSpAyO1Hhg2KdtS1PwtVGilpXg= Belgium Root CA2 +tjjP8FyKgydY7cMCivni1VUUVovGuzSrNtFAuXrGsS0= Buypass Class 2 CA 1 +WVWuKRV0qTE0LPdFDhZlLt4eD7MJfhVx36wRyRVgFWQ= Buypass Class 2 Root CA +sD2HsFbQjMnU5nXvGcqDq1NTIWioJYWYvnLm2Fx918E= Buypass Class 3 Root CA +S9xjb0jSH7aMWjzUogaFeIBDvbUk5+hNQZLEUe40KbU= CA Disig +a8/IbI3cKvLmoRgKLdq7N7fqN1Uxa2S5uJUb8Mo1HwY= CA Disig Root R1 +cCEWzNi/I+FkZvDg26DtaiOanBzWqPWmazmvNZUCA4U= CA Disig Root R2 +UQ0g5cR/Y89mayD2GvYrwJmkKsgk/6RDotp8kLGAipE= Certigna +BStocQfshOhzA4JFLsKidFF0XXSFpX1vRk4Np6G2ryo= AddTrust Class 1 CA Root +NuzGH8fl8ZI9Fn5n3940YIVJs0pjx8bmD/1cGEA4H1w= Certinomis - Autorité Racine +axpQXgJG8vYMSQ/wwJenvichDLt1ACN/iLDNSCmLybg= Certinomis - Root CA +28HjoVI4oEg7zbj97GFuA+cFpI4qUBFXyt87nHMRxeU= +lzasOyXRbEWkVBipZFeBVkgKjMQ0VB3cXdWSMyKYaN4= Certum CA +qiYwp7YXsE0KKUureoyqpQFubb5gSDeoOoVxn6tmfrU= Certum Trusted Network CA +aztX6eyI0bs9AWN/8zx2mLPJdYJV6fAeqRePPn87K1I= Certum Trusted Network CA 2 +iir/vRocXRvcy7f1SLqZX5ZoBrP9DDoA+uLlLzyFOYk= Chambers of Commerce Root +ztQ5AqtftXtEIyLcDhcqT7VfcXi4CPlOeApv1sxr2Bg= Chambers of Commerce Root - 2008 +jtW0wEG2spPA5kEwFQZtMYSDyQH/aehqUh0MslVp8+g= Cisco Root CA 2048 +dy/Myn0WRtYGKBNP8ubn9boJWJi+WWmLzp0V+W9pqfM= Class 2 Primary CA +lCppFqbkrlJ3EcVFAkeip0+44VaoJUymbnOaEUk7tEU= AddTrust External CA Root +mACOLtu3K61C2i/LBqwaqgsubgxy6MogT7r9G7SHlEE= Common Policy +AG1751Vd2CAmRCxPGieoDomhmJy4ezREjtIZTBgZbV4= COMODO Certification Authority +aMNpIhRyTUtVp2D0cLT8qLXg/h1ynP8i/rTKiKzTmAk= ComSign CA +wGyHL8LQrAjXjUIZgfvaTjVQDQlG95iU7dIawp3sBxk= ComSign Global Root CA +zwtHSs6Eafq6QC8C7r354XANnL6L5OQ0hAe2ndMZbpQ= ComSign Secured CA +7KDxgUAs56hlKzG00DbfJH46MLf0GlDZHsT5CwBrQ6E= D-TRUST Root Class 3 CA 2 2009 +/zQvtsTIvTCkcG9zSJU58Z5uSMwF9GJUZU9mENvFQOk= D-TRUST Root Class 3 CA 2 EV 2009 +0d4q5hyN8vpiOWYWPUxz1GC/xCjldYW+a/65pWMj0bY= Deutsche Telekom Root CA 2 +gNv7l73Tkmuu5B9zxViPqhfXB7A630kHorxnfz7xcXw= Developer ID Certification Authority +I/Lt/z7ekCWanjD0Cvj5EqXls2lOaThEA0H2Bg4BT/o= DigiCert Assured ID Root CA +OGHXtpYfzbISBFb/b8LrdwSxp0G0vZM6g3b14ZFcppg= AddTrust Public CA Root +8ca6Zwz8iOTfUpc8rkIPCgid1HQUT+WAbEIAZOFZEik= DigiCert Assured ID Root G2 +Fe7TOVlLME+M+Ee0dzcdjW/sYfTbKwGvWJ58U7Ncrkw= DigiCert Assured ID Root G3 +r/mIkG3eEpVdm+u/ko/cwxzOMo1bk4TyHIlByibiA5E= DigiCert Global Root CA +i7WTqTvh0OioIruIfFR4kMPnBqrS2rdiVPl/s2uC/CY= DigiCert Global Root G2 +uUwZgwDOxcBXrQcntwu+kYFpkiVkOaezL0WYEZ3anJc= DigiCert Global Root G3 +WoiWRyIOVNa9ihaBciRSC7XHjliYS9VwUGOIud4PB18= DigiCert High Assurance EV Root CA +Wd8xe/qfTwq3ylFNd3IpaqLHZbh2ZNCLluVzmeNkcpw= DigiCert Trusted Root G4 +itsjhVSgy/w6Ef7MGD480sI9JeeJTPK7rljrcKROfPM= DoD Root CA 2 +PDXhZL7dLPEr64Ps/3i16A2oFY0oMCF+Tr/86JKImaY= DST ACES CA X6 +Vjs8r4z+80wjNcr1YKepWQboSIRi63WsWXhIMN+eWys= DST Root CA X3 +xzr8Lrp3DQy8HuQfJStS6Kk9ErctzOwDHY2DnL+Bink= AddTrust Qualified CA Root +mLPxCgJQQZEPGXzxfKD83+11+yyMFKhD4E1WVsnrrBo= DST Root CA X4 +wa0bGJjsOVBI3wcL+iF+JckTvtjKa3PeCFUohGoBA8E= E-Tugra Certification Authority +NVHeWKfXnNmAKD34F5DWOpgsGmOzBILsWCHbdmFVTvk= EBG Elektronik Sertifika Hizmet Sağlayıcısı +MJ8T1J6mb1IyQbVVJHREZOKMwbgu95tk5NWBiA3Ndx8= Echoworx Root CA2 +VhdNOtlxqJRJZLGJgR8wCEk6apBCLjxYBOyDjU+U9iI= EE Certification Centre Root CA +bb+uANN7nNc/j7R95lkXrwDg3d9C286sIMF8AnXuIJU= Entrust Root Certification Authority +/qK31kX7pz11PB7Jp4cMQOH3sMVh6Se5hb9xGGbjbyI= Entrust Root Certification Authority - EC1 +du6FkDdMcVQ3u8prumAo6t3i3G27uMP2EOhR8R0at/U= Entrust Root Certification Authority - G2 +HqPF5D7WbC2imDpCpKebHpBnhs6fG1hiFBmgBGOofTg= Entrust.net Certification Authority (2048) +HqPF5D7WbC2imDpCpKebHpBnhs6fG1hiFBmgBGOofTg= Entrust.net Certification Authority (2048) +P6t4T8PJq57twS7NwNtVD0w9v9PobXiBUzPF66UYy50= Admin-Root-CA +YlVMFwBVQ7I3IV8EJo3NL9HEcCQK08hmDiWuLFljD1U= +jotW9ZGKJb2F3OdmY/2UzCNpDxDqlYZhMXHG+DeIkNU= Federal Common Policy CA +h6801m+z8v3zbgkRHpq6L29Esgfzhj89C1SyUCOQmqU= GeoTrust Global CA +SQVGZiOrQXi+kqxcvWWE96HhfydlLVqFr4lQTqI5qqo= GeoTrust Primary Certification Authority +vPtEqrmtAhAVcGtBIep2HIHJ6IlnWQ9vlK50TciLePs= GeoTrust Primary Certification Authority - G2 +q5hJUnat8eyv8o81xTBIeB5cFxjaucjmelBPT2pRMo8= GeoTrust Primary Certification Authority - G3 +Tq2ptTEecYGZ2Y6oK5UAXLqTGYqx+X78vo3GIBYo+K8= Global Chambersign Root +knobhWIoBXbQSMUDIa2kPYcD0tlSGhjCi4xGzGquTv0= Global Chambersign Root - 2008 +cGuxAXyFXFkWm61cF4HPWX8S0srS9j0aSqN0k4AP+4A= GlobalSign +CLOmM1/OXvSPjw5UOYbAf9GKOxImEp9hhku9W90fHMk= GlobalSign +bEZLmlsjOl6HTadlwm8EUBDS3c/0V5TwtMfkqvpQFJU= AffirmTrust Commercial +fg6tdrtoGdwvVFEahDVPboswe53YIFjqbABPAdndpd8= GlobalSign +iie1VXtL7HzAMF+/PVPR9xzT80kQxdZeJ+zduCB3uj0= GlobalSign +K87oWBWM9UZfyddvDfoxL+8lpNyoUB2ptGtn0fv6G2Q= GlobalSign Root CA +VjLZe/p3W/PJnd6lL8JVNBCGQBZynFLdZSTIqcO0SJ8= +Ko8tivDrEjiY90yGasP6ZpBU4jwXvHqVvQI0GS3GNdA= Go Daddy Root Certificate Authority - G2 +pRovOgUOg4pQUGlleNu+2qwaEH7i2dSPrlBdGNDaXPg= +Gno6GmjdI2Hj87uFXzsm/NiLGX2N1N4Gzxs2KsiewTs= Hellenic Academic and Research Institutions RootCA 2011 +NsIjFBMaX78bcOpMz0vBOnd9k47GXh2iTjws/QHT0WM= Hongkong Post Root CA 1 +olpyFMK2yGFCraOd/y1z2GWqV4Q/3S23ez/r+CaD3i0= I.CA - Qualified Certification Authority, 09/2009 +B+hU8mp8vTiZJ6oEG/7xts0h3RQ4GK2UfcZVqeWH/og= IdenTrust Commercial Root CA 1 +lAcq0/WPcPkwmOWl9sBMlscQvYSdgxhJGa6Q64kK5AA= AffirmTrust Networking +WN1h/rNup9JYckNxcJFJyxITN4ZMrLLQmZrSBznQZHc= IdenTrust Public Sector Root CA 1 +lSwgOcAkPrUV3XPYP8NkMYSHT+sIYqmDdzHtm0dC4Xo= Izenpe.com +KJa03b5hRXGDzH7Se9eKxQogf2kBxcUuU9wWdvm7HgY= Izenpe.com +lSwgOcAkPrUV3XPYP8NkMYSHT+sIYqmDdzHtm0dC4Xo= Izenpe.com +y+WsFdiLXKw/gebfO/tXvqYJWIE6R7d/PFy2uYGRvbU= Juur-SK +x0YSfF9rUpzp4pSO/ZRlRECJMZrPA/NNC/N+rcd9si8= KISA RootCA 1 +YWFnIBQzrqbI5eMHCvyvZ0kYj4FL0auxea6NrTq/Juw= Microsec e-Szigno Root CA 2009 +9Iut199qBmkNCuMTc7EoVfje2xRRfzYqMTEBzJjMazU= NetLock Arany (Class Gold) Főtanúsítvány +pAA71b3YlOAajgHga2LHqoLwPeUlMTNXCq1P0OfYHTw= NetLock Kozjegyzoi (Class A) Tanusitvanykiado +MtGA7THJNVieydu7ciEjuIO1/C3BD5/KOpXXfhv8tTQ= Network Solutions Certificate Authority +x/Q7TPW3FWgpT4IrU3YmBfbd0Vyt7Oc56eLDy6YenWc= AffirmTrust Premium +vRU+17BDT2iGsXvOi76E7TQMcTLXAqj0+jGPdW7L1vM= AAA Certificate Services +ziTrBibe/YFoyWp3AfCTAWAP5d0NvOWOnJe4MK8C7yg= OISTE WISeKey Global Root GA CA +hqaPBQA0EmpUDTnbLF+RfvZqlPuWGfoezYJ86ka6DLA= QuoVadis Root CA 1 G3 +j9ESw8g3DxR9XM06fYZeuN1UB4O6xp/GAIjjdD/zM3g= QuoVadis Root CA 2 +SkntvS+PgjC9VZKzE1c/4cFypF+pgBHMHt27Nq3j/OU= QuoVadis Root CA 2 G3 +DHrKpxAiZyC7yUA0nuLmFIZSqJ2/QGojLIlfbceOu5o= QuoVadis Root CA 3 +80OOI7POUyUi+s8weSP1j9GGCOm6et3DDpUrQ8SWFsM= QuoVadis Root CA 3 G3 +vj23t5v+V53PmwfKTK11r/FpdVaOW0XPyuTWH7Yxdag= QuoVadis Root Certification Authority +tKA56vxDELqb3gk+24+dnQs9THwATUgojDXbzBlGfRg= +RpHL/ehKa2BS3b4VK7DCFq4lqG5XR4E9vA8UfzOFcL4= Secure Certificate Services +JZaQTcTWma4gws703OR/KFk313RkrDcHRvUt6na6DCg= Secure Global CA +MhmwkRT/SVo+tusAwu/qs0ACrl8KVsdnnqCHo/oDfk8= AffirmTrust Premium ECC +dykHF2FLJfEpZOvbOLX4PKrcD2w2sHd/iA/G3uHTOcw= SecureTrust CA +ZUT/mttkLEw2mKYNgUO2uTvO8BNltUD2FNzCpFq5TTE= +KkISYFqj6K7LD8GYBs87QLU7lfGjTbvW4+0nIwMkq7M= +M4BwmvOwlr48wqQFSBQsClIAKNsJ4st3riIGYWq2y7Q= +qhwr7bGlCLqtf7P14CiXuQfHSN6pt5CJBKrb0El6q2o= Sonera Class1 CA +0qXzLw4BuRDvTjtGv4Tlr1+1aJ59FQfpKeNorIjGzHY= Sonera Class2 CA +lR7gRvqDMW5nhsCMRPE7TKLq0tJkTWMxQ5HAzHCIfQ0= Staat der Nederlanden EV Root CA +Bed+8f3+BeLcpSLK5k2DeaBBt7TxbHyuNgZ6f3KhSHI= Staat der Nederlanden Root CA - G2 +QiOJQAOogcXfa6sWPbI1wiGhjVS/dZlFgg5nDaguPzk= Staat der Nederlanden Root CA - G3 +FfFKxFycfaIz00eRZOgTf+Ne4POK6FgYPwhBDqgqxLQ= +hdJr6Q2TT8zbT/ezjYx5ynZSuBbWpSRGyoQoprhdxXw= ANF Global Root CA +gI1os/q0iEpflxrOfRBVDXqVoWN3Tz7Dav/7IT++THQ= Starfield Root Certificate Authority - G2 +KwccWaCgrnaw6tsrrSO61FgLacNgG2MMLq8GE6+oP5I= Starfield Services Root Certificate Authority - G2 +5C8kvU039KouVrl52D0eZSGf4Onjo4Khs8tmyTlV3nU= StartCom Certification Authority +5C8kvU039KouVrl52D0eZSGf4Onjo4Khs8tmyTlV3nU= StartCom Certification Authority +FSg5faISiQqDCwuVpZlozvI0dzd531GBzxD6ZHU0u2U= StartCom Certification Authority G2 +NJn5P9OUUjv7HsTDrU37MQEx++nuVHa95ild6AjV3Y8= Swisscom Root CA 1 +y26RcRrW1VyJBvN5ywcftcR5M2VKdBVhLu5mKfJvvNc= Swisscom Root CA 2 +9GPFTZ8aBHrtUmVqx4Xgfr7FKOAge/0/VdiTI3Zo9q4= Swisscom Root EV CA 2 +QPz8KIddzL/ry99s10MzEtpjxO/PO9extQXCICCuAnQ= SwissSign Gold CA - G2 +fx3siwMZVIoFbeW7UhvZPrdOanbyjf+3W0WlO3da96s= SwissSign Gold Root CA - G3 +60mT76mwieWTQYqok/jpOnN02BDlL8vgHn8dfpKm0CQ= Apple Root CA +KovtMq5oDS0Ye5p6/Rcdg/0Lk16vniwbQ+gCeNIGPjk= SwissSign Platinum CA - G2 +ipA7YAoICzjf4g37as0jEi9kYg5YCLn8hoiVL8GjVZw= SwissSign Platinum Root CA - G3 +kxgib4yDr+R/X0fCT1nOEtuoxzsYG+5rLqH0Cga8GGk= SwissSign Silver CA - G2 +hKrAk+CMSdv/+OVgdZJI2+ZxNbNysj0qiB1fmcuxkeg= SwissSign Silver Root CA - G3 +MVEmgCM/XyofKUN/VtSYjPCvxBzGxdpidZKOnAvq3ic= Symantec Class 1 Public Primary Certification Authority - G4 +0vkaBOOmHU6teEjI1DteEVLYhXJ0ibxlc4tnwKInhac= Symantec Class 1 Public Primary Certification Authority - G6 +MCeimPpXMU3A490QGUEbj0BMQ8P5NM4734VlEsgKoVw= Symantec Class 2 Public Primary Certification Authority - G4 +ryB8Yf2cfPksKv6BVCgtw/LL8y91zRcoFMUrA7frwlg= Symantec Class 2 Public Primary Certification Authority - G6 +gJ8rquNa+082vWR2znXCABB3kBtq9cTauC4YjGuVwaE= Symantec Class 3 Public Primary Certification Authority - G4 +lXNUc71no7lajV+QxaIazh4NeUcyBnTUq4R5crkVRNI= Symantec Class 3 Public Primary Certification Authority - G6 +Z0A55HJWGWPIywDSGpepChi7ihxMMXrGfjgqZSu1c8A= Apple Root CA - G2 +vM6OK7rucbY1jd1kHLv8Jd5FQAMAYnH3W1C3JtZ8O8k= SZAFIR ROOT CA +YQbA46CimYMYdRJ719PMGFmAPVEcrBHrbghA3RZvwQ4= T-TeleSec GlobalRoot Class 2 +jXZ3ZLPL2giSnQcqIqVh9NzdG8V9PL3clIxH0rR/kSI= T-TeleSec GlobalRoot Class 3 +rPZeHWLLWKK6/W/6tA+4hpnEc5fPXLSD1C1pytNM1Is= TC TrustCenter Class 2 CA II +k5KuIUmSSt435kXbof9L3dzaKykbYJdmnSr6XHo3Jhk= TC TrustCenter Class 3 CA II +a4belqZYpWggpPNdkNtsPv3VdM6UuQnLDX/xfDwYnYM= TC TrustCenter Class 4 CA II +st71NirT+s0EvSkEekOET3ZwNOpIkvgOVr7mkCQ+JQI= TC TrustCenter Universal CA I +qzmksCWVVpGkAmnzU/odXLlOr2x+qYCEhLu7Yv2faPM= TC TrustCenter Universal CA II +q1zbM1Y5c1bW5pGXPCW4YYtl12qQSG6nqKXBd2f0Zzo= TC TrustCenter Universal CA III +ELo0hcqLtogKuVMaQGPkABVVVhx/LgVRZfSbLXT8X2s= TeliaSonera Root CA v1 +myGdD7/zal+zIJBXGQa87qaGF8gzo/YbgeliqOZNuK8= Apple Root CA - G3 +HXXQgxueCIU5TTLHob/bPbwcKOKw6DkfsTWYHbxbqTY= thawte Primary Root CA +Z9xPMvoQ59AaeaBzqgyeAhLsL/w9d54Kp/nA8OHCyJM= thawte Primary Root CA - G2 +GQbGEk27Q4V40A4GbVBUxsN/D6YCjAVUXgmU7drshik= thawte Primary Root CA - G3 +R8ehScqC+nupQKTXEdAQYlxssLdIsXAWxG4lznrNKww= TRUST2408 OCES Primary CA +4tiR77c4ZpEF1TDeXtcuKyrD9KZweLU0mz/ayklvXrg= Trusted Certificate Services +qHRDs9iW6yV8zOmbla2pvIG5204xQqqama8JQssKSjo= +FefnF7Qo/u4686/ZFQ261JcAjTo/8BaWRxmQe9sBpkU= TÜBİTAK UEKAE Kök Sertifika Hizmet Sağlayıcısı - Sürüm 3 +0Hc622AEPpVDCdlxT+BT6q2KpblYbtukaOJ234IGWt8= TÜRKTRUST Elektronik Sertifika Hizmet Sağlayıcısı +xES1tmzl1x4bXkDyc4XJXL/SSgW1b3DKwJkvD1DDN5w= TWCA Global Root CA +ksRoeWJu8swezqUMcvteOFhECV8hy/Oyg8uC5rn8alg= TWCA Root Certification Authority +60mT76mwieWTQYqok/jpOnN02BDlL8vgHn8dfpKm0CQ= Apple Root Certificate Authority +zEmXhjyMSKTLXD5lN9wGAo2GOL5J9fiiulby8siox3k= UCA Global Root +qGvauPSAtuuJQquRcL3QmRlxp60TXfu8tyhfB6fR44o= UCA Root +QAL80xHQczFWfnG82XHkYEjI3OjRZZcRdTs9qiommvo= UTN - DATACorp SGC +Laj56jRU0hFGRko/nQKNxMf7tXscUsc8KwVyovWZotM= UTN-USERFirst-Client Authentication and Email +TUDnr0MEoJ3of7+YliBMBVFB4/gJsv5zO7IxD9+YoWI= UTN-USERFirst-Hardware +gamPx4jDX1V2RalSJOUM0drI/7IJ3B5WiKopIF8TIhg= UTN-USERFirst-Network Applications +D+FMJksXu28NZT56cOs2Pb9UvhWAOe3a5cJXEd9IwQM= UTN-USERFirst-Object +IgduWu9Eu5pBaii30cRDItcFn2D+/6XK9sW+hEeJEwM= VeriSign Class 1 Public Primary Certification Authority - G3 +cAajgxHlj7GTSEIzIYIQxmEloOSoJq7VOaxWHfv72QM= VeriSign Class 2 Public Primary Certification Authority - G3 +SVqWumuteCQHvVIaALrOZXuzVVVeS7f4FGxxu6V+es4= VeriSign Class 3 Public Primary Certification Authority - G3 +xWl76RzWVVObVgdY6RtuCFRhYjdBA0xIXkfX6dJaA8A= +UZJDjsNp1+4M5x9cbbdflB779y5YRBcV6Z6rBMLIrO4= VeriSign Class 3 Public Primary Certification Authority - G4 +JbQbUG5JMJUoI6brnx0x3vZF6jilxsapbXGVfjhN8Fg= VeriSign Class 3 Public Primary Certification Authority - G5 +VnuCEf0g09KD7gzXzgZyy52ZvFtIeljJ1U7Gf3fUqPU= VeriSign Class 4 Public Primary Certification Authority - G3 +lnsM2T/O9/J84sJFdnrpsFp3awZJ+ZZbYpCWhGloaHI= VeriSign Universal Root Certification Authority +puEf8V7DJqXj8YrTOgVmlNyExpl2bQKKWtDv4ajlOsc= Visa eCommerce Root +LgCRWp974GqyNwx7fCAMCpbVrGpQzhh02+/eQCLU3o4= Visa Information Delivery Root CA +AGyyJqdyxxgtd3I4Pjc/DyKeff40RIEKjW5QkF0g1mE= VRK Gov. Root CA +qZlyzh9sWB0Al/YmGAYuUxV7Unbh7GZRoxVwV/BXszk= WellsSecure Public Root Certificate Authority +BRz5+pXkDpuD7a7aaWH2Fox4ecRmAXJHnN1RqwPOpis= XRamp Global Certification Authority +bz4Hf+VQRkbAGRr85JTk62gYPjmPWk3AVmn4tubmgv4= +cZz1s2GS573mUMyRNB5vZJ27jD7ki6yql/oOBbY3S0E= ApplicationCA2 Root +Ow1ztL5KhUrcPlHX75+kiu+7LN2CTWe9x9fQmiq8LUM= Autoridad de Certificacion Firmaprofesional CIF A62634068 +JdSRPPWHCXQU0p0m9sGxlCzW1k6vRdD8+BUmrbqW0yQ= Actalis Authentication Root CA +ZZyzaKxWmYvQevLK/F+5P455R0rMwqbPGsnyGS0TY2A= Autoridad de Certificacion Raiz del Estado Venezolano +Y9mvm0exBk1JoQ57f9Vm28jKo5lFm/woKcVxrYxu80o= Baltimore CyberTrust Root ++OX5BbyTmREme4PVCBSpAyO1Hhg2KdtS1PwtVGilpXg= Belgium Root CA2 +tjjP8FyKgydY7cMCivni1VUUVovGuzSrNtFAuXrGsS0= Buypass Class 2 CA 1 +WVWuKRV0qTE0LPdFDhZlLt4eD7MJfhVx36wRyRVgFWQ= Buypass Class 2 Root CA +sD2HsFbQjMnU5nXvGcqDq1NTIWioJYWYvnLm2Fx918E= Buypass Class 3 Root CA +S9xjb0jSH7aMWjzUogaFeIBDvbUk5+hNQZLEUe40KbU= CA Disig +a8/IbI3cKvLmoRgKLdq7N7fqN1Uxa2S5uJUb8Mo1HwY= CA Disig Root R1 +cCEWzNi/I+FkZvDg26DtaiOanBzWqPWmazmvNZUCA4U= CA Disig Root R2 +UQ0g5cR/Y89mayD2GvYrwJmkKsgk/6RDotp8kLGAipE= Certigna +BStocQfshOhzA4JFLsKidFF0XXSFpX1vRk4Np6G2ryo= AddTrust Class 1 CA Root +NuzGH8fl8ZI9Fn5n3940YIVJs0pjx8bmD/1cGEA4H1w= Certinomis - Autorité Racine +axpQXgJG8vYMSQ/wwJenvichDLt1ACN/iLDNSCmLybg= Certinomis - Root CA +28HjoVI4oEg7zbj97GFuA+cFpI4qUBFXyt87nHMRxeU= +lzasOyXRbEWkVBipZFeBVkgKjMQ0VB3cXdWSMyKYaN4= Certum CA +qiYwp7YXsE0KKUureoyqpQFubb5gSDeoOoVxn6tmfrU= Certum Trusted Network CA +aztX6eyI0bs9AWN/8zx2mLPJdYJV6fAeqRePPn87K1I= Certum Trusted Network CA 2 +iir/vRocXRvcy7f1SLqZX5ZoBrP9DDoA+uLlLzyFOYk= Chambers of Commerce Root +ztQ5AqtftXtEIyLcDhcqT7VfcXi4CPlOeApv1sxr2Bg= Chambers of Commerce Root - 2008 +jtW0wEG2spPA5kEwFQZtMYSDyQH/aehqUh0MslVp8+g= Cisco Root CA 2048 +dy/Myn0WRtYGKBNP8ubn9boJWJi+WWmLzp0V+W9pqfM= Class 2 Primary CA +lCppFqbkrlJ3EcVFAkeip0+44VaoJUymbnOaEUk7tEU= AddTrust External CA Root +mACOLtu3K61C2i/LBqwaqgsubgxy6MogT7r9G7SHlEE= Common Policy +AG1751Vd2CAmRCxPGieoDomhmJy4ezREjtIZTBgZbV4= COMODO Certification Authority +aMNpIhRyTUtVp2D0cLT8qLXg/h1ynP8i/rTKiKzTmAk= ComSign CA +wGyHL8LQrAjXjUIZgfvaTjVQDQlG95iU7dIawp3sBxk= ComSign Global Root CA +zwtHSs6Eafq6QC8C7r354XANnL6L5OQ0hAe2ndMZbpQ= ComSign Secured CA +7KDxgUAs56hlKzG00DbfJH46MLf0GlDZHsT5CwBrQ6E= D-TRUST Root Class 3 CA 2 2009 +/zQvtsTIvTCkcG9zSJU58Z5uSMwF9GJUZU9mENvFQOk= D-TRUST Root Class 3 CA 2 EV 2009 +0d4q5hyN8vpiOWYWPUxz1GC/xCjldYW+a/65pWMj0bY= Deutsche Telekom Root CA 2 +gNv7l73Tkmuu5B9zxViPqhfXB7A630kHorxnfz7xcXw= Developer ID Certification Authority +I/Lt/z7ekCWanjD0Cvj5EqXls2lOaThEA0H2Bg4BT/o= DigiCert Assured ID Root CA +OGHXtpYfzbISBFb/b8LrdwSxp0G0vZM6g3b14ZFcppg= AddTrust Public CA Root +8ca6Zwz8iOTfUpc8rkIPCgid1HQUT+WAbEIAZOFZEik= DigiCert Assured ID Root G2 +Fe7TOVlLME+M+Ee0dzcdjW/sYfTbKwGvWJ58U7Ncrkw= DigiCert Assured ID Root G3 +r/mIkG3eEpVdm+u/ko/cwxzOMo1bk4TyHIlByibiA5E= DigiCert Global Root CA +i7WTqTvh0OioIruIfFR4kMPnBqrS2rdiVPl/s2uC/CY= DigiCert Global Root G2 +uUwZgwDOxcBXrQcntwu+kYFpkiVkOaezL0WYEZ3anJc= DigiCert Global Root G3 +WoiWRyIOVNa9ihaBciRSC7XHjliYS9VwUGOIud4PB18= DigiCert High Assurance EV Root CA +Wd8xe/qfTwq3ylFNd3IpaqLHZbh2ZNCLluVzmeNkcpw= DigiCert Trusted Root G4 +itsjhVSgy/w6Ef7MGD480sI9JeeJTPK7rljrcKROfPM= DoD Root CA 2 +PDXhZL7dLPEr64Ps/3i16A2oFY0oMCF+Tr/86JKImaY= DST ACES CA X6 +Vjs8r4z+80wjNcr1YKepWQboSIRi63WsWXhIMN+eWys= DST Root CA X3 +xzr8Lrp3DQy8HuQfJStS6Kk9ErctzOwDHY2DnL+Bink= AddTrust Qualified CA Root +mLPxCgJQQZEPGXzxfKD83+11+yyMFKhD4E1WVsnrrBo= DST Root CA X4 +wa0bGJjsOVBI3wcL+iF+JckTvtjKa3PeCFUohGoBA8E= E-Tugra Certification Authority +NVHeWKfXnNmAKD34F5DWOpgsGmOzBILsWCHbdmFVTvk= EBG Elektronik Sertifika Hizmet Sağlayıcısı +MJ8T1J6mb1IyQbVVJHREZOKMwbgu95tk5NWBiA3Ndx8= Echoworx Root CA2 +VhdNOtlxqJRJZLGJgR8wCEk6apBCLjxYBOyDjU+U9iI= EE Certification Centre Root CA +bb+uANN7nNc/j7R95lkXrwDg3d9C286sIMF8AnXuIJU= Entrust Root Certification Authority +/qK31kX7pz11PB7Jp4cMQOH3sMVh6Se5hb9xGGbjbyI= Entrust Root Certification Authority - EC1 +du6FkDdMcVQ3u8prumAo6t3i3G27uMP2EOhR8R0at/U= Entrust Root Certification Authority - G2 +HqPF5D7WbC2imDpCpKebHpBnhs6fG1hiFBmgBGOofTg= Entrust.net Certification Authority (2048) +HqPF5D7WbC2imDpCpKebHpBnhs6fG1hiFBmgBGOofTg= Entrust.net Certification Authority (2048) +P6t4T8PJq57twS7NwNtVD0w9v9PobXiBUzPF66UYy50= Admin-Root-CA +YlVMFwBVQ7I3IV8EJo3NL9HEcCQK08hmDiWuLFljD1U= +jotW9ZGKJb2F3OdmY/2UzCNpDxDqlYZhMXHG+DeIkNU= Federal Common Policy CA +h6801m+z8v3zbgkRHpq6L29Esgfzhj89C1SyUCOQmqU= GeoTrust Global CA +SQVGZiOrQXi+kqxcvWWE96HhfydlLVqFr4lQTqI5qqo= GeoTrust Primary Certification Authority +vPtEqrmtAhAVcGtBIep2HIHJ6IlnWQ9vlK50TciLePs= GeoTrust Primary Certification Authority - G2 +q5hJUnat8eyv8o81xTBIeB5cFxjaucjmelBPT2pRMo8= GeoTrust Primary Certification Authority - G3 +Tq2ptTEecYGZ2Y6oK5UAXLqTGYqx+X78vo3GIBYo+K8= Global Chambersign Root +knobhWIoBXbQSMUDIa2kPYcD0tlSGhjCi4xGzGquTv0= Global Chambersign Root - 2008 +cGuxAXyFXFkWm61cF4HPWX8S0srS9j0aSqN0k4AP+4A= GlobalSign +CLOmM1/OXvSPjw5UOYbAf9GKOxImEp9hhku9W90fHMk= GlobalSign +bEZLmlsjOl6HTadlwm8EUBDS3c/0V5TwtMfkqvpQFJU= AffirmTrust Commercial +fg6tdrtoGdwvVFEahDVPboswe53YIFjqbABPAdndpd8= GlobalSign +iie1VXtL7HzAMF+/PVPR9xzT80kQxdZeJ+zduCB3uj0= GlobalSign +K87oWBWM9UZfyddvDfoxL+8lpNyoUB2ptGtn0fv6G2Q= GlobalSign Root CA +VjLZe/p3W/PJnd6lL8JVNBCGQBZynFLdZSTIqcO0SJ8= +Ko8tivDrEjiY90yGasP6ZpBU4jwXvHqVvQI0GS3GNdA= Go Daddy Root Certificate Authority - G2 +pRovOgUOg4pQUGlleNu+2qwaEH7i2dSPrlBdGNDaXPg= +Gno6GmjdI2Hj87uFXzsm/NiLGX2N1N4Gzxs2KsiewTs= Hellenic Academic and Research Institutions RootCA 2011 +NsIjFBMaX78bcOpMz0vBOnd9k47GXh2iTjws/QHT0WM= Hongkong Post Root CA 1 +olpyFMK2yGFCraOd/y1z2GWqV4Q/3S23ez/r+CaD3i0= I.CA - Qualified Certification Authority, 09/2009 +B+hU8mp8vTiZJ6oEG/7xts0h3RQ4GK2UfcZVqeWH/og= IdenTrust Commercial Root CA 1 +lAcq0/WPcPkwmOWl9sBMlscQvYSdgxhJGa6Q64kK5AA= AffirmTrust Networking +WN1h/rNup9JYckNxcJFJyxITN4ZMrLLQmZrSBznQZHc= IdenTrust Public Sector Root CA 1 +lSwgOcAkPrUV3XPYP8NkMYSHT+sIYqmDdzHtm0dC4Xo= Izenpe.com +KJa03b5hRXGDzH7Se9eKxQogf2kBxcUuU9wWdvm7HgY= Izenpe.com +lSwgOcAkPrUV3XPYP8NkMYSHT+sIYqmDdzHtm0dC4Xo= Izenpe.com +y+WsFdiLXKw/gebfO/tXvqYJWIE6R7d/PFy2uYGRvbU= Juur-SK +x0YSfF9rUpzp4pSO/ZRlRECJMZrPA/NNC/N+rcd9si8= KISA RootCA 1 +YWFnIBQzrqbI5eMHCvyvZ0kYj4FL0auxea6NrTq/Juw= Microsec e-Szigno Root CA 2009 +9Iut199qBmkNCuMTc7EoVfje2xRRfzYqMTEBzJjMazU= NetLock Arany (Class Gold) Főtanúsítvány +pAA71b3YlOAajgHga2LHqoLwPeUlMTNXCq1P0OfYHTw= NetLock Kozjegyzoi (Class A) Tanusitvanykiado +MtGA7THJNVieydu7ciEjuIO1/C3BD5/KOpXXfhv8tTQ= Network Solutions Certificate Authority +x/Q7TPW3FWgpT4IrU3YmBfbd0Vyt7Oc56eLDy6YenWc= AffirmTrust Premium diff --git a/t/02_hpkp_pinning.t b/t/02_hpkp_pinning.t new file mode 100755 index 0000000..8de07b1 --- /dev/null +++ b/t/02_hpkp_pinning.t @@ -0,0 +1,79 @@ +#!/usr/bin/env perl + +use strict; +use Test::More; +use Data::Dumper; +use JSON; + +my $tests = 0; + +my ( + $out, + $json, + $found, +); +# OK +pass("Running testssl.sh against ssl.sectionzero.org"); $tests++; +$out = `./testssl.sh -H --jsonfile tmp.json --color 0 ssl.sectionzero.org`; +$json = json('tmp.json'); + +# It is better to have findings in a hash +# Look for a leaf cert match in the process. +my $found = 0; +my %findings; +foreach my $f ( @$json ) { + $findings{$f->{id}} = $f; + if ( $f->{finding} =~ /matches the leaf certificate/ ) { + $found++; + } +} +is($found,1,"We found 1 'matches the leaf certificate' finding"); $tests++; +like($out,'/Leaf cert match/',"There is a 'Leaf cert match' in the text output"); $tests++; + +# Sub CA match +ok( exists $findings{"hpkp_YLh1dUR9y6Kja30RrAn7JKnbQG/uEtLMkBgFF2Fuihg"},"We have a finding for key YLh1dUR9y6Kja30RrAn7JKnbQG/uEtLMkBgFF2Fuihg"); $tests++; +like($findings{"hpkp_YLh1dUR9y6Kja30RrAn7JKnbQG/uEtLMkBgFF2Fuihg"}->{finding},'/Intermediate CA key matches a key pinned in the HPKP header/',"We have our Sub CA finding"); $tests++; +is($findings{"hpkp_YLh1dUR9y6Kja30RrAn7JKnbQG/uEtLMkBgFF2Fuihg"}->{severity}, "OK", "The finding is ok"); $tests++; +like($out,'/Sub CA match \: YLh1dUR9y6Kja30RrAn7JKnbQG\/uEtLMkBgFF2Fuihg/',"There is a 'Sub CA match' in the text output"); $tests++; + +# Root CA match Lets encrypt +ok( exists $findings{"hpkp_Vjs8r4z+80wjNcr1YKepWQboSIRi63WsWXhIMN+eWys"},"We have a finding for key Vjs8r4z+80wjNcr1YKepWQboSIRi63WsWXhIMN+eWys"); $tests++; +like($findings{"hpkp_Vjs8r4z+80wjNcr1YKepWQboSIRi63WsWXhIMN+eWys"}->{finding},'/Root CA key matches a key pinned in the HPKP header/',"This is a Root CA finding"); $tests++; +like($findings{"hpkp_Vjs8r4z+80wjNcr1YKepWQboSIRi63WsWXhIMN+eWys"}->{finding},'/DST Root CA X3/',"Correct Root CA"); $tests++; +like($findings{"hpkp_Vjs8r4z+80wjNcr1YKepWQboSIRi63WsWXhIMN+eWys"}->{finding},'/The CA is part of the chain/',"CA is indeed part of chain"); $tests++; +is($findings{"hpkp_Vjs8r4z+80wjNcr1YKepWQboSIRi63WsWXhIMN+eWys"}->{severity}, "OK", "The finding is ok"); $tests++; +like($out,'/Root CA match \: Vjs8r4z\+80wjNcr1YKepWQboSIRi63WsWXhIMN\+eWys/',"There is a 'Root CA match' in the text output"); $tests++; + +# Root CA StartCom +ok( exists $findings{"hpkp_5C8kvU039KouVrl52D0eZSGf4Onjo4Khs8tmyTlV3nU"},"We have a finding for key 5C8kvU039KouVrl52D0eZSGf4Onjo4Khs8tmyTlV3nU"); $tests++; +like($findings{"hpkp_5C8kvU039KouVrl52D0eZSGf4Onjo4Khs8tmyTlV3nU"}->{finding},'/Root CA key matches a key pinned in the HPKP header/',"This is a Root CA finding"); $tests++; +like($findings{"hpkp_5C8kvU039KouVrl52D0eZSGf4Onjo4Khs8tmyTlV3nU"}->{finding},'/StartCom Certification Authority/',"Correct Root CA"); $tests++; +like($findings{"hpkp_5C8kvU039KouVrl52D0eZSGf4Onjo4Khs8tmyTlV3nU"}->{finding},'/The CA is not part of the chain/',"CA is indeed NOT part of chain"); $tests++; +is($findings{"hpkp_5C8kvU039KouVrl52D0eZSGf4Onjo4Khs8tmyTlV3nU"}->{severity}, "OK", "The finding is ok"); $tests++; +like($out,'/Root CA match \: 5C8kvU039KouVrl52D0eZSGf4Onjo4Khs8tmyTlV3nU/',"There is a 'Root CA match' in the text output"); $tests++; + +# Bad PIN +ok( exists $findings{"hpkp_123bad123bad123bad123bad123bad123bd123bad12"},"We have a finding for key 123bad123bad123bad123bad123bad123bd123bad12"); $tests++; +like($findings{"hpkp_123bad123bad123bad123bad123bad123bd123bad12"}->{finding},'/doesn\'t match anything/',"It doesn't match indeed"); $tests++; +is($findings{"hpkp_123bad123bad123bad123bad123bad123bd123bad12"}->{severity}, "WARN", "The finding is ok"); $tests++; +like($out,'/Unmatched key : 123bad123bad123bad123bad123bad123bd123bad12/',"There is an 'unmatched key' in the text output"); $tests++; + +like($findings{hpkp_keys}->{finding},'/5 keys pinned/',"5 keys pinned in json"); $tests++; +like($out,'/\# of keys: 5/',"5 keys pinned in text output"); $tests++; + +like($findings{hpkp_age}->{finding},'/90 days/',"90 days in json"); $tests++; +like($out,'/90 days/',"90 days in text output"); $tests++; + +like($findings{hpkp_subdomains}->{finding},'/this domain only/',"this domain only in json"); $tests++; +like($out,'/just this domain/',"just this domain text output"); $tests++; + +like($findings{hpkp_preload}->{finding},'/NOT marked for/',"no preloading in json"); $tests++; + +done_testing($tests); + +sub json($) { + my $file = shift; + $file = `cat $file`; + unlink $file; + return from_json($file); +} \ No newline at end of file diff --git a/testssl.sh b/testssl.sh index 7187daa..cdb3dd5 100755 --- a/testssl.sh +++ b/testssl.sh @@ -483,7 +483,7 @@ fileout() { # ID, SEVERITY, FINDING if "$do_json"; then "$FIRST_FINDING" || echo -n "," >> $JSONFILE - echo -e " { + echo " { \"id\" : \"$1\", \"ip\" : \"$NODE/$NODEIP\", \"port\" : \"$PORT\", @@ -963,6 +963,7 @@ run_hpkp() { local i local hpkp_headers local first_hpkp_header + local ca_hashes="$INSTALL_DIR/etc/ca_hashes.txt" if [[ ! -s $HEADERFILE ]]; then run_http_header "$1" || return 3 @@ -1029,27 +1030,117 @@ run_hpkp() { fileout "hpkp_preload" "INFO" "HPKP header is NOT marked for browser preloading" fi + # Get the pins first + pins=$(tr ';' '\n' < $TMPFILE | tr -d ' ' | tr -d '\"' | awk -F'=' '/pin.*=/ { print $2 }') + + + # Look at the host certificate first + # get the key fingerprint from the host certificate if [[ ! -s "$HOSTCERT" ]]; then get_host_cert || return 1 fi - # get the key fingerprint from the host certificate + hpkp_key_hostcert="$($OPENSSL x509 -in $HOSTCERT -pubkey -noout | grep -v PUBLIC | \ $OPENSSL base64 -d | $OPENSSL dgst -sha256 -binary | $OPENSSL base64)" - # compare it with the ones provided in the header - while read hpkp_key; do + hpkp_ca="$($OPENSSL x509 -in $HOSTCERT -issuer -noout|sed 's/^.*CN=//' | sed 's/\/.*$//')" + + # Get keys/hashes from intermediate certificates + $OPENSSL s_client -showcerts $STARTTLS $BUGS $PROXY -showcerts -connect $NODEIP:$PORT ${sni[i]} $TMPFILE 2>$ERRFILE + # Place the server's certificate in $HOSTCERT and any intermediate + # certificates that were provided in $TEMPDIR/intermediatecerts.pem + # http://backreference.org/2010/05/09/ocsp-verification-with-openssl/ + awk -v n=-1 "/Certificate chain/ {start=1} + /-----BEGIN CERTIFICATE-----/{ if (start) {inc=1; n++} } + inc { print > (\"$TEMPDIR/level\" n \".crt\") } + /---END CERTIFICATE-----/{ inc=0 }" $TMPFILE + nrsaved=$(count_words "$(echo $TEMPDIR/level?.crt 2>/dev/null)") + rm $TEMPDIR/level0.crt 2>/dev/null + + if [[ nrsaved -ge 2 ]]; then + echo -n "" > "$TEMPDIR/intermediate.hashes" + for cert_fname in $TEMPDIR/level?.crt; do + hpkp_key_ca="$($OPENSSL x509 -in "$cert_fname" -pubkey -noout | grep -v PUBLIC | $OPENSSL base64 -d | + $OPENSSL dgst -sha256 -binary | $OPENSSL enc -base64)" + hpkp_name="$(get_cn_from_cert $cert_fname)" + hpkp_ca="$($OPENSSL x509 -in $cert_fname -issuer -noout|sed 's/^.*CN=//' | sed 's/\/.*$//')" + [[ -n $hpkp_name ]] || hpkp_name=$($OPENSSL x509 -in "$cert_fname" -subject -noout | sed 's/^subject= //') + echo "$hpkp_key_ca $hpkp_name" >> "$TEMPDIR/intermediate.hashes" + done + fi + rm $TEMPDIR/level*.crt 2>/dev/null +# I'd like to keep all certs retrieved for debugging + + # Get keys from Root CAs + + pins_match=false + for hpkp_key in $(echo $pins); do +# exho needed here? ^^^^ + key_found=false + # compare pin against the leaf certificate if [[ "$hpkp_key_hostcert" == "$hpkp_key" ]] || [[ "$hpkp_key_hostcert" == "$hpkp_key=" ]]; then - out "\n$spaces matching host key: " + out "\n$spaces Host cert match: " pr_done_good "$hpkp_key" - fileout "hpkp_keymatch" "OK" "Key matches a key pinned in the HPKP header" + fileout "hpkp_$hpkp_key" "OK" "PIN $hpkp_key matches the leaf certificate" key_found=true + pins_match=true fi debugme out "\n $hpkp_key | $hpkp_key_hostcert" - done < <(tr ';' '\n' < $TMPFILE | tr -d ' ' | tr -d '\"' | awk -F'=' '/pin.*=/ { print $2 }') - if ! $key_found ; then - out "\n$spaces" + + # Check for intermediate match + if ! "$key_found"; then +# doesn't work, "grep: /tmp/ssltester.Dp2ovS/intermediate.hashes: No such file or directory" if teested against testss.sh + hpkp_matches=$(grep "$hpkp_key" $TEMPDIR/intermediate.hashes 2>/dev/null) + if [[ -n $hpkp_matches ]]; then + # We have a winner! + key_found=true + pins_match=true + out "\n$spaces Sub CA match: " + pr_done_good "$hpkp_key" + out "\n$spaces $(echo $hpkp_matches|sed "s/^[a-zA-Z0-9\+\/]*=* *//")" + fileout "hpkp_$hpkp_key" "OK" "Intermediate CA key matches a key pinned in the HPKP header. Key/CA: $hpkp_matches" + fi + fi + + if ! "$key_found"; then + hpkp_matches=$(grep -h "$hpkp_key" $ca_hashes | sort -u) + if [[ -n $hpkp_matches ]]; then + # We have a winner! + key_found=true + pins_match=true + if [[ $(count_lines "$hpkp_matches") -eq 1 ]]; then + match_ca=$(echo "$hpkp_matches" | sed "s/[a-zA-Z0-9\+\/]*=* *//") + else + match_ca="" + fi + out "\n\n$spaces Root CA match: " + pr_done_good "$hpkp_key" + echo "$hpkp_matches"|sort -u|while read line; do + out "\n$spaces $(echo $line |sed "s/^[a-zA-Z0-9\+\/]*=* *//")" + done + if [[ $match_ca == $hpkp_ca ]]; then + out " (part of the chain)" + fileout "hpkp_$hpkp_key" "INFO" "Root CA key matches a key pinned in the HPKP header. Key/OS/CA: $hpkp_matches. The CA is part of the chain" + else +# there's a root CA match for github AND this message. + out "\n$spaces This CA is not part of the chain and likely a backup PIN" + fileout "hpkp_$hpkp_key" "INFO" "Root CA key matches a key pinned in the HPKP header. Key/OS/CA: $hpkp_matches. The CA is not part of the chain, this is a backup PIN" + fi + fi + fi + + if ! "$key_found" && [[ $DEBUG -eq 1 ]]; then + # Houston we may have a problem + out "\n\n$spaces Unmatched key: " + out "$hpkp_key" + out "\n$spaces (This is OK for a backup pin of a leaf cert)" + fileout "hpkp_$hpkp_key" "INFO" "PIN $hpkp_key doesn't match anything. This could be ok if it is a backup pin for a leaf certificate" + fi + done + + # If all else fails... + if ! "$pins_match"; then pr_svrty_high " No matching key for pins found " - out "(CAs pinned? -- not checked for yet)" - fileout "hpkp_keymatch" "DEBUG" "The TLS key does not match any key pinned in the HPKP header. If you pinned a CA key you can ignore this" + fileout "hpkp_keymatch" "NOT ok" "None of the HPKP PINS match your leaf certificate, intermediate CA or known root CAs. You may have bricked this site" fi else out "--" @@ -7079,7 +7170,6 @@ check4openssl_oldfarts() { outln } - # FreeBSD needs to have /dev/fd mounted. This is a friendly hint, see #258 check_bsd_mount() { if [[ "$(uname)" == FreeBSD ]]; then @@ -7093,7 +7183,6 @@ check_bsd_mount() { fi } - help() { cat << EOF